FedML-AI FedML Remote Code Execution Vulnerability via gRPC Pickle Deserialization

Vulnerability

A remote code execution vulnerability exists in FedML-AI FedML versions through 0.8.9. The issue arises in the gRPC server component, specifically within the sendMessage function of grpc_server.py. The vulnerability is due to unsafe deserialization of data received through gRPC messages, which are processed without proper validation. This flaw allows an unauthenticated remote attacker to send maliciously crafted Python pickle payloads that, when deserialized, execute arbitrary code on the affected federated learning node.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected node.

Reproduction

To reproduce this vulnerability, connect to the exposed FedML gRPC server on the default port 8890 or higher. Send a maliciously crafted serialized payload to the sendMessage RPC endpoint. The server will deserialize the payload using pickle.loads(), executing the embedded code and achieving remote code execution.
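A receiving-side mitigation for the pickle.loads() call described above, as an added example that is not FedML's code or its fix: an Unpickler subclass that refuses any global not on an allowlist. The names safe_loads, handle_message and ALLOWED_GLOBALS and the sample messages are assumptions made for the illustration.

```python
import io
import pickle

# Assumption: globals a message may legitimately reference. Empty here, so only
# plain containers, strings, numbers and bytes can be rebuilt.
ALLOWED_GLOBALS = frozenset()


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import anything outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        # Called for every GLOBAL / STACK_GLOBAL opcode, i.e. each time the
        # stream asks the receiver to import an object by name.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    """Replacement for pickle.loads() on bytes that arrive from the network."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def handle_message(data: bytes):
    """Hypothetical handler: return the decoded message, or None if rejected."""
    try:
        return safe_loads(data)
    except pickle.UnpicklingError:
        return None


# Constructed sample inputs.
DATA_ONLY = pickle.dumps({"round": 3, "weights": [0.1, 0.2]})
# Benign stand-in for a stream that names a callable: a reference to builtins.len.
NAMES_CALLABLE = pickle.dumps(len)

if __name__ == "__main__":
    print(handle_message(DATA_ONLY))
    print(handle_message(NAMES_CALLABLE))
```

The allowlist limits what a stream can import but does not authenticate the sender, so access to the gRPC port still has to be restricted separately.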

Added: Apr 5, 2026, 4:20 AM
Updated: Apr 5, 2026, 4:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.2
remediation: 0.0
relevance: 5.3
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.