DiskCache Arbitrary Code Execution Vulnerability Due to Unsafe Pickle Deserialization

A vulnerability in DiskCache (python-diskcache) versions through 5.6.3 allows for arbitrary code execution via unsafe deserialization of untrusted data. The library uses Python's pickle module for serialization by default, which is known to be insecure. An attacker with write access to the cache directory can inject a malicious pickle payload that executes code when the cached data is read by the application. This vulnerability arises from improper handling of serialization, lack of security warnings in the documentation, and the default use of pickle without safe deserialization measures.

Impact

Exploitation of this vulnerability leads to arbitrary code execution within the context of the victim application, with full access to the application's permissions. This allows for execution of any command, access to environment variables (which may contain sensitive information like API keys and database credentials), and potential lateral movement to other services in the network, especially in containerized environments.

Reproduction

To reproduce this vulnerability, write a malicious pickle payload into the cache directory using a filesystem-level write access. This can be done by exploiting misconfigured permissions that allow local users to write to the cache directory, or by injecting the payload through a compromised container that shares a volume with another container using DiskCache. Once the malicious payload is written, the vulnerability can be triggered by calling 'cache.get()' with the key corresponding to the injected payload, which will deserialize the pickle and execute the embedded code.

Remediation

Users are advised to switch from the default pickle serializer to JSON serialization, using DiskCache's JSONDisk option. Additionally, cache directory permissions should be restricted to prevent unauthorized write access.