DeepDiff Class Pollution Vulnerability Leading to Denial-of-Service and Remote Code Execution

A vulnerability allowing class pollution has been identified in the DeepDiff library, specifically in versions 5.0.0 through 8.6.0. This issue arises in the Delta class constructor, where user-controlled input can be manipulated to alter the 'SAFE_TO_IMPORT' setting. By introducing dangerous classes, such as 'posix.system', and exploiting insecure deserialization with Pickle, an attacker could execute arbitrary Python code. Additionally, this vulnerability could disrupt application functionality or, in web contexts, bypass authentication.

Impact

Exploitation of this vulnerability causes class pollution that can disrupt normal application operations and, in web applications, potentially bypass authentication mechanisms. Furthermore, it allows for remote code execution on the server where the application is running.

Reproduction

To reproduce this vulnerability, first, create a Pickle payload that modifies the 'SAFE_TO_IMPORT' set to include 'posix.system'. This can be done by crafting a dictionary that, when deserialized, adds 'posix.system' to the 'SAFE_TO_IMPORT' variable in the DeepDiff serialization module. Once the payload is prepared, it can be unpickled in an application using DeepDiff, specifically through the Delta class, which will execute the injected command via 'posix.system'.

Remediation

Users can upgrade to DeepDiff version 8.6.1, which addresses the vulnerability by adding validation to prevent class pollution and remote code execution risks. The update also includes security tests to ensure the vulnerability is not reintroduced.