pyquokka FlightServer Remote Code Execution Vulnerability via Unsafe Pickle Deserialization

A remote code execution vulnerability exists in the pyquokka framework, specifically in the FlightServer class, versions through 0.3.1. The issue arises because the do_action() method uses pickle.loads() to deserialize action bodies from Flight clients without proper validation or sanitization. This vulnerability is particularly critical when the FlightServer is configured to listen on 0.0.0.0, allowing attackers across the network to execute arbitrary code by sending malicious pickled payloads through the set_configs action. Additional vulnerabilities are present in the cache_garbage_collect, do_put, and do_get functions, where untrusted remote data is deserialized using pickle.loads().

Impact

Exploitation of this vulnerability allows for arbitrary remote code execution on the server where FlightServer is running. This could lead to complete system compromise, unauthorized data access or modification, disruption of service, and potential installation of persistent backdoors, according to the GitHub Advisory.

Reproduction

To reproduce this vulnerability, start a FlightServer instance that binds to 0.0.0.0. Once the server is running, send a malicious pickle payload through the Flight client connection. The payload can be crafted to execute arbitrary commands on the server, such as listing directory contents. The vulnerability can be demonstrated using a provided proof-of-concept script that connects to the vulnerable server and executes commands via the deserialization flaw.

Remediation

Users are advised to update to pyquokka version 0.3.2, where this vulnerability has been patched. Additionally, replace unsafe deserialization methods with safer alternatives, such as JSON serialization for simple data or Protocol Buffers for complex data. If pickle must be used, implement a custom Unpickler to restrict deserialization to whitelisted classes. For services intended for internal use, bind to localhost instead of 0.0.0.0, and consider adding authentication and authorization mechanisms.