European Space Agency AnomalyMatch Unsafe Deserialization Vulnerability Leading to Arbitrary Code Execution

A vulnerability exists in European Space Agency (ESA) AnomalyMatch versions prior to 1.3.1, allowing attackers to execute arbitrary code by exploiting unsafe deserialization in the model checkpoint loader. The application loads model files from session directories using torch.load() with unrestricted deserialization, creating a risk when maliciously crafted checkpoint files are introduced into the workflow.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the host where the checkpoint is loaded, under the privileges of the user running AnomalyMatch. This could lead to data exfiltration, unauthorized access to other systems, or manipulation of scientific results, depending on the deployment environment.

Remediation

Users are advised to upgrade to AnomalyMatch version 1.3.1 or later. The update eliminates the vulnerability by removing all torch.save and torch.load() calls with weights_only set to False, migrating checkpoint serialization to safetensors, and not retaining compatibility with legacy .pth or .pkl files. Checkpoints from untrusted sources should not be loaded with versions prior to 1.3.1.