datapizza-labs datapizza-ai Unsafe Deserialization Vulnerability in Redis Cache Allowing Remote Command Execution
Vulnerability
A vulnerability exists in datapizza-labs datapizza-ai version 0.0.2, specifically within the RedisCache function of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. It arises from unsafe deserialization of cached data with the pickle library, which can lead to remote command execution on the server where the application is running. Exploitation requires access to the local network. The vulnerability is publicly known and an exploit is available, but it is considered to have a high complexity level, making exploitation difficult.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server host, potentially leading to a complete takeover of the server.
Reproduction
The vulnerability can be reproduced by first installing datapizza-ai version 0.0.7 and the datapizza-ai-cache-redis package. After setting up a Redis server, the RedisCache module can be used to retrieve a crafted, pickled object that, when deserialized, executes a command on the server. This process involves poisoning the Redis cache with the malicious payload and then accessing it through the application, which triggers the execution of the embedded command.
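One way to remove the unsafe deserialization described above, shown as an added example (not code from datapizza-ai or from the original advisory): cache values are stored as JSON with an HMAC-SHA256 tag and authenticated before parsing, so a poisoned entry is rejected instead of being unpickled. The SignedJSONCache class, the CacheIntegrityError exception and the dict standing in for Redis are assumptions made for illustration.

```python
import hashlib
import hmac
import json


class CacheIntegrityError(Exception):
    """Raised when a cached value fails authentication."""


class SignedJSONCache:
    """Cache wrapper that stores HMAC-tagged JSON instead of pickle.

    `store` is any mapping of str -> bytes. A plain dict stands in for Redis
    here (assumption: the real backend returns the raw bytes it was given).
    """

    TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

    def __init__(self, store, key: bytes):
        if len(key) < 32:
            raise ValueError("HMAC key must be at least 32 bytes")
        self._store = store
        self._key = key

    def _tag(self, name: str, payload: bytes) -> bytes:
        # Bind the tag to the cache key (length-prefixed) so a valid entry
        # cannot be copied under a different key.
        encoded = name.encode()
        msg = len(encoded).to_bytes(4, "big") + encoded + payload
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def set(self, name: str, value) -> None:
        # JSON carries data only; it cannot reference callables the way pickle can.
        payload = json.dumps(value, separators=(",", ":")).encode()
        self._store[name] = self._tag(name, payload) + payload

    def get(self, name: str):
        blob = self._store.get(name)
        if blob is None:
            return None
        tag, payload = blob[:self.TAG_LEN], blob[self.TAG_LEN:]
        # Authenticate first: untrusted bytes are never parsed before this check.
        if not hmac.compare_digest(tag, self._tag(name, payload)):
            raise CacheIntegrityError(f"cache entry {name!r} failed authentication")
        return json.loads(payload)
```

The HMAC key must be held by the application only and never stored in Redis, otherwise anyone who can write to the cache can also forge tags.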
