Skops Arbitrary Code Execution Vulnerability in Card.get_model Function
Vulnerability
A vulnerability allowing arbitrary code execution has been identified in the Skops library in versions prior to 0.13.0. The issue lies in the Card.get_model function, which loads scikit-learn models. When the model file does not have a .zip extension, the function silently falls back to Joblib, a loader that permits arbitrary code execution, without issuing any warning. This fallback bypasses the safe-loading protections Skops is designed to provide. The vulnerability can be exploited by crafting a malicious model file that executes code on the user's machine when it is loaded. The issue has been addressed in Skops version 0.13.0.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the user's machine, executed silently during the model loading process. This stealthy execution makes it difficult to detect, posing a significant security risk, especially in collaborative environments where Skops is used.
Reproduction
To reproduce this vulnerability, create a malicious model file that includes code to be executed. Then, use the Skops Card class to load this model file with the get_model method. If the model file is not a .zip file, the function will use Joblib to load the model, resulting in the execution of the malicious code.
Remediation
Upgrade to Skops version 0.13.0 or later, where this vulnerability has been fixed.
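The following is an added illustration, not Skops' own code, of the extension-based dispatch the advisory describes beside a hardened, content-based check that a loading wrapper can apply before any model file reaches a pickle-based loader. It assumes the function and file names shown are hypothetical, that the sample files are constructed (not real models), and that skops.io.load accepts a trusted keyword listing permitted type names, as in recent Skops releases.

```python
import os
import tempfile
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature of a zip archive

def pick_loader_vulnerable(path):
    """Extension-only dispatch, as the advisory describes (hypothetical):
    anything not named *.zip falls through to joblib, which can run code on load."""
    return "skops" if path.endswith(".zip") else "joblib"

def pick_loader_hardened(path):
    """Content-based dispatch with no fallback: only a genuine zip container
    is handed to the skops loader; everything else is refused outright."""
    with open(path, "rb") as fh:
        head = fh.read(len(ZIP_MAGIC))
    if head == ZIP_MAGIC and zipfile.is_zipfile(path):
        return "skops"
    raise ValueError(f"refusing {path!r}: not a skops zip archive (joblib fallback disabled)")

def hardened_rejects(path):
    """True when the hardened dispatch refuses the file."""
    try:
        pick_loader_hardened(path)
    except ValueError:
        return True
    return False

def safe_get_model(path, trusted):
    """Load a model only via skops.io.load with an explicit trusted-types list.
    Assumes skops >= 0.13.0 is installed; imported lazily so the checks above
    run without it."""
    pick_loader_hardened(path)  # raises before any pickle-based loader is reached
    from skops.io import load
    return load(path, trusted=trusted)

def make_samples():
    """Constructed sample files (not real models): a genuine zip archive,
    a non-zip blob named like a pickle, and a non-zip blob misnamed *.zip."""
    d = tempfile.mkdtemp()
    paths = {"zip": os.path.join(d, "model.zip"),
             "pickle": os.path.join(d, "model.pkl"),
             "fake_zip": os.path.join(d, "renamed.zip")}
    with zipfile.ZipFile(paths["zip"], "w") as zf:
        zf.writestr("schema.json", "{}")  # one entry so the file starts with PK\x03\x04
    for key in ("pickle", "fake_zip"):
        with open(paths[key], "wb") as fh:
            fh.write(b"not a zip archive")  # constructed bytes, not a real payload
    return paths
```

The extension-based dispatch routes model.pkl to joblib, while the hardened check refuses both it and a non-zip file merely named .zip.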
