Security Fix (yaml desearilization) in 17g

[Asjidkalam]

📊 Metadata *

Insecure YAML deserialization

Bounty URL: https://www.huntr.dev/bounties/1-other-17g

⚙️ Description *

17g This is read the only mirror, this package is vulnerable for Arbitary Code Execution

💻 Technical Description *

Vulnerable to YAML deserialization attack caused by unsafe loading.

🐛 Proof of Concept (PoC) *

python3 exp.py

from config import *

load_yaml("test.yaml")

test.yaml

payload = """cmd: !!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('xcalc')"
"""

🔥 Proof of Fix (PoF) *

Used a safer loader(SafeLoader) instead of FullLoader.

The issue is fixed, and hence no code is executed.

👍 User Acceptance Testing (UAT)

All Ok, No breaking changes introduced. :)

[huntr-helper]

👋 Hello, @clefebvre - @Asjidkalam has opened a PR to us with a fix for a potential vulnerability in your repository. To view the vulnerability, please refer to the bounty URL in the first comment, above.

Ultimately, you get to decide if the fix is 👍 or 👎. If you are happy with the fix, please write a new comment (@huntr-helper - LGTM) and we will open a PR to your repository with the fix. All remaining PRs for this vulnerability will be automatically closed.

If you have any questions or need support, come and join us on our community Discord!

@clefebvre & @Asjidkalam - thank you for your efforts in securing the world’s open source code! 🎉

---

🔨 Want more security researchers protecting your repository?

Stick our badge on your README.md, and let security researchers know that they can win bounties protecting your repositories. Sounds cool, huh? 😎

Copy this small code snippet and insert it into your README.md:

[![huntr](https://cdn.huntr.dev/huntr_security_badge.svg)](https://huntr.dev)

👇 👇 👇