Name of the Vulnerable Software and Affected Versions:
modelscope/ms-swift versions through 2.6.1
Description:
The modelscope/ms-swift library is susceptible to arbitrary code execution through the deserialization of untrusted data. The `load_model_meta()` function of the `ModelFileSystemCache()` class calls `pickle.load()` on data that can originate from untrusted sources. An attacker who can place a crafted serialized `.mdl` payload in the cache can therefore achieve remote code execution (RCE). Because the malicious payload is stored as a hidden file, it is difficult to notice, and the normal training process continues unaffected after the arbitrary code has run, so the compromise leaves no obvious symptom.
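The following is an added, defender-side example and is not code from ms-swift or from the advisory. It shows the two checks a practitioner would want around a pickle-based metadata cache like the one described above: a restricted unpickler that refuses to resolve any global outside a small allow-list (so a stream that merely references an importable name fails to load), and a static scan of a cache directory that flags `.mdl` files, hidden ones in particular, whose opcodes could resolve or call importable names. The metadata shape (a plain dict of strings, numbers and lists), the file names and the demo directory are constructed assumptions; the hidden sample file only pickles a reference to a harmless function object, which is enough to trip both checks without executing anything.

```python
import io
import os
import pickle
import pickletools
import tempfile
from pathlib import Path

# Assumption (not from the advisory): legitimate cache metadata is a plain
# dict of strings, numbers, lists and nested dicts, so no global lookup
# outside these builtins should ever appear while loading it.
SAFE_BUILTINS = {"dict", "list", "tuple", "set", "frozenset",
                 "str", "bytes", "int", "float", "bool"}

# Opcodes that can resolve an importable name or call something during load.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}

# Constructed sample of what benign cache metadata might look like.
BENIGN_META = {"model_id": "demo/model", "revision": "v1", "files": ["a.bin"]}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup outside SAFE_BUILTINS."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(__import__("builtins"), name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load_meta(data: bytes):
    """Deserialize cache metadata; raises UnpicklingError on any foreign global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_safe_meta(data: bytes) -> bool:
    """True when the stream loads under the restricted unpickler."""
    try:
        safe_load_meta(data)
        return True
    except pickle.UnpicklingError:
        return False


def risky_opcodes(data: bytes) -> list:
    """Static check: list risky opcodes in a pickle stream without loading it."""
    return sorted({op.name for op, _arg, _pos in pickletools.genops(data)
                   if op.name in RISKY_OPCODES})


def scan_cache_dir(root) -> list:
    """Walk a cache directory and report every .mdl file, flagging hidden
    (dot-prefixed) ones, as the advisory describes, and any with risky opcodes."""
    findings = []
    for path in sorted(Path(root).rglob("*.mdl")):
        try:
            ops = risky_opcodes(path.read_bytes())
        except Exception:  # truncated or non-pickle content is suspicious too
            ops = ["UNPARSEABLE"]
        findings.append({
            "path": str(path.relative_to(root)),
            "hidden": path.name.startswith("."),
            "risky_opcodes": ops,
        })
    return findings


def build_demo_cache() -> str:
    """Constructed demo directory: one benign metadata file and one hidden
    file that only pickles a reference to os.path.join. A bare reference is
    enough for both checks to fire; nothing is executed."""
    root = tempfile.mkdtemp(prefix="mdl-demo-")
    Path(root, "model.mdl").write_bytes(pickle.dumps(BENIGN_META))
    Path(root, ".hidden.mdl").write_bytes(pickle.dumps(os.path.join))
    return root


if __name__ == "__main__":
    for finding in scan_cache_dir(build_demo_cache()):
        print(finding)
```

The opcode scan is the cheaper of the two checks and can run over an existing cache before anything is loaded; the restricted unpickler is what the loading code itself should use instead of a bare `pickle.load()`, since a reference to any module-level name, not only an obviously dangerous one, is outside what cache metadata needs.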
Recommendations:
Versions prior to 2.7 are affected; upgrade to version 2.7 or later.