Skops Operator Function Node Inconsistency Leading to Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability exists in the Skops library, in versions through 0.11.0, within the OperatorFuncNode component. It allows the execution of untrusted operator methods to be concealed, creating an opportunity for code reuse attacks. By exploiting this flaw, an attacker can invoke functions that appear safe and escalate to arbitrary code execution, while the model file misleadingly presents trusted types.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the victim's machine, with the attack occurring at load time. The execution is disguised under seemingly benign trusted types, potentially leading to severe consequences, especially in collaborative environments where Skops is commonly used.

Reproduction

The vulnerability can be reproduced by crafting a malicious model file that exploits the OperatorFuncNode's handling of trusted types. When this model is loaded using the Skops library, it executes untrusted operator methods, such as 'operator.call', while presenting a false sense of security by including misleading trusted type references. This can be automated with a script that prepares the malicious model file and loads it in a way that triggers the vulnerability.

Remediation

Users should update to Skops version 0.12.0 or later, where this vulnerability has been addressed.
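
As a complement to upgrading, the following added example (not part of this advisory or of the Skops project) inspects a .skops archive without loading it and lists OperatorFuncNode entries whose operator class is outside an allowlist. It assumes the archive is a zip containing schema.json whose nodes carry __loader__, __class__ and __module__ keys; the allowlist, the function names and the sample archive are constructed for illustration.

```python
import io
import json
import zipfile

# Assumption: operator helpers a model may legitimately persist; adjust to your models.
ALLOWED_OPERATOR_CLASSES = {"attrgetter", "itemgetter", "methodcaller"}


def find_operator_nodes(node, path="schema"):
    """Yield (path, module, class) for every OperatorFuncNode entry in a schema tree."""
    if isinstance(node, dict):
        if node.get("__loader__") == "OperatorFuncNode":
            yield path, node.get("__module__"), node.get("__class__")
        for key, child in node.items():
            yield from find_operator_nodes(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_operator_nodes(child, f"{path}[{i}]")


def audit_skops_bytes(data):
    """Return OperatorFuncNode entries outside the allowlist, without loading the model."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        schema = json.loads(zf.read("schema.json"))
    return [hit for hit in find_operator_nodes(schema)
            if hit[2] not in ALLOWED_OPERATOR_CLASSES]


def build_sample():
    """Constructed sample archive (not a real model): one allowed node, one 'call' node."""
    schema = {
        "__loader__": "DictNode", "__class__": "dict", "__module__": "builtins",
        "content": {
            "ok": {"__loader__": "OperatorFuncNode", "__class__": "methodcaller",
                   "__module__": "operator", "attrs": {}},
            "bad": {"__loader__": "OperatorFuncNode", "__class__": "call",
                    "__module__": "operator", "attrs": {}},
        },
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("schema.json", json.dumps(schema))
    return buf.getvalue()


if __name__ == "__main__":
    for path, module, cls in audit_skops_bytes(build_sample()):
        print(f"REVIEW {path}: {module}.{cls}")
```

Any entry the audit returns should be reviewed before the file is passed to the Skops loader, regardless of the type name it declares.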

Added: Jul 26, 2025, 4:35 AM
Updated: Jul 26, 2025, 4:35 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.2
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.