HumanSignal Label-Studio-ML-Backend Deserialization Vulnerability in PT File Handler
Vulnerability
A deserialization vulnerability has been identified in HumanSignal label-studio-ml-backend versions prior to commit 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf. The issue is in the PT File Handler component, specifically in the load function of neural_nets.py, which passes untrusted data to torch.load without validating it. Because torch.load deserializes the file contents, a crafted file results in arbitrary code execution. Exploitation requires local access.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the system where the application is running.
Reproduction
To reproduce this vulnerability, create a malicious .pt file containing executable code and load it using the vulnerable load function in neural_nets.py. The deserialization process will execute the embedded code, leading to potential security risks such as remote code execution or a denial-of-service condition.
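A defensive pre-load check for this class of issue, added here as an example and not taken from label-studio-ml-backend or from the advisory's source: it lists the imports requested by the pickle inside a zip-format .pt file without deserializing it, and reports anything outside an allowlist. The allowlist, the function names and the two sample files are constructed assumptions; the flagged sample references only the harmless fractions.Fraction class.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict
from fractions import Fraction

# Assumed allowlist: imports a plain state_dict checkpoint is expected to request.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
           ("torch", "FloatStorage"), ("torch", "LongStorage")}

def pickle_globals(data):
    """Return the (module, name) imports a pickle requests, without loading it."""
    found, memo, prev, top = set(), {}, None, None
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            memo[len(memo) if arg is None else arg] = top  # MEMOIZE has no arg
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            prev, top = top, memo.get(arg)
        elif name in ("GLOBAL", "INST"):  # import named in the opcode itself
            found.add(tuple(arg.split(" ", 1)))
            prev, top = top, None
        elif name == "STACK_GLOBAL":  # import named by the top two stack strings
            ok = isinstance(prev, str) and isinstance(top, str)
            found.add((prev, top) if ok else ("<unresolved>", "<unresolved>"))
            prev, top = None, None  # fail closed: unresolved is never allowlisted
        elif name not in ("PROTO", "FRAME"):  # track string pushes, forget the rest
            prev, top = top, (arg if isinstance(arg, str) else None)
    return found

def scan_pt(blob):
    """Return non-allowlisted imports found in a zip-format .pt file."""
    refs = set()
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:  # BadZipFile on non-zip input
        for member in zf.namelist():
            if member.endswith(".pkl"):
                refs |= pickle_globals(zf.read(member))
    return sorted(refs - ALLOWED)

def make_pt(obj):
    """Constructed sample: wrap a pickle the way a zip-format .pt stores it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=4))
    return buf.getvalue()

BENIGN = make_pt(OrderedDict(weight=[0.1, 0.2]))
SUSPECT = make_pt(OrderedDict(weight=[0.1, 0.2], bias=Fraction(1, 3)))
```

Any entry returned by scan_pt, including an unresolved one, means the file should not reach torch.load. An empty result is triage only and does not replace loading untrusted files with a restricted loader.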
