Ludwig Framework Insecure Deserialization Vulnerability in Predict Method Allowing Arbitrary Code Execution
Vulnerability
An insecure deserialization vulnerability has been identified in the Ludwig framework, affecting versions through 0.10.4. The issue arises in the predict() method, which infers the format of a user-provided dataset from its file path. If the path is identified as a pickle file, it is loaded with pandas.read_pickle() without any validation. Because unpickling can instantiate arbitrary Python objects and run code during deserialization, the pickle format is inherently unsafe for untrusted input. A remote attacker who can supply a crafted pickle file could therefore achieve arbitrary code execution on the host system.
Impact
Exploitation of this vulnerability could result in arbitrary code execution on the system running the Ludwig framework.
Reproduction
To reproduce this vulnerability, use the Ludwig framework version 0.10.4 or earlier. In the predict() method, provide a dataset file path that points to a maliciously crafted pickle file. The framework will load the file using pandas.read_pickle(), allowing the deserialization of arbitrary Python objects. If the deserialized object includes executable code, it could be executed, leading to arbitrary code execution on the system.
Remediation
Users can update to Ludwig version 0.11.0 or later, where this vulnerability has been addressed.
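For deployments that cannot upgrade immediately, the mitigation is to stop the format sniffer from ever routing untrusted input to a deserializing loader. The following is an added example, not Ludwig's own code: an allowlist check run on a dataset path before it reaches any loader, which rejects pickle extensions, pickle-looking content and compressed containers that pandas.read_pickle would unwrap. The format list and helper names are assumptions chosen for illustration.

```python
"""Added example, not Ludwig's own code: an allowlist check that refuses
pickle input before a content-sniffing loader (pandas.read_pickle) can run.
Assumes the application only needs the formats listed in ALLOWED_FORMATS."""
import os

# Formats the application actually needs; pickle is deliberately absent.
ALLOWED_FORMATS = {".csv": "csv", ".tsv": "tsv", ".json": "json",
                   ".jsonl": "jsonl", ".parquet": "parquet"}
# Extensions a format sniffer would route to a pickle loader.
PICKLE_EXTENSIONS = {".pkl", ".pickle", ".p"}
# Pickle protocol 2+ streams open with PROTO (0x80) followed by the protocol number.
PICKLE_PROTO_OPCODE = 0x80
# Compressed containers that pandas.read_pickle transparently unwraps.
COMPRESSED_MAGIC = (b"\x1f\x8b", b"BZh", b"\xfd7zXZ\x00", b"PK\x03\x04")


class UnsafeDatasetError(ValueError):
    """Raised when a dataset path would reach a deserializing loader."""


def looks_like_pickle(head: bytes) -> bool:
    """Heuristic on the leading bytes: protocol 2-5 pickles start with 0x80 <proto>.
    Protocol 0/1 pickles carry no magic, so the extension check covers those."""
    return len(head) >= 2 and head[0] == PICKLE_PROTO_OPCODE and 2 <= head[1] <= 5


def classify_dataset(path: str, head: bytes) -> str:
    """Return the allowed format for `path` or raise UnsafeDatasetError.
    `head` is the first bytes of the file, passed in so the logic is testable."""
    ext = os.path.splitext(path)[1].lower()
    if ext in PICKLE_EXTENSIONS:
        raise UnsafeDatasetError(f"pickle datasets are not accepted: {path}")
    if ext not in ALLOWED_FORMATS:
        raise UnsafeDatasetError(f"unsupported dataset format {ext!r}: {path}")
    # The extension alone is not enough: a renamed or compressed pickle would
    # still be parsed by a loader that sniffs content, so check the bytes too.
    if looks_like_pickle(head) or head.startswith(COMPRESSED_MAGIC):
        raise UnsafeDatasetError(f"content does not match {ext!r}: {path}")
    return ALLOWED_FORMATS[ext]


def is_safe_dataset(path: str, head: bytes) -> bool:
    """Boolean form of classify_dataset for callers that prefer a check."""
    try:
        classify_dataset(path, head)
        return True
    except UnsafeDatasetError:
        return False
```

For a real file, pass the first few bytes read in binary mode, e.g. `classify_dataset(path, open(path, "rb").read(8))`, and only hand the path to the matching CSV/JSON/Parquet reader once it returns.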
