CVE-2021-35196: 
NixOS vulnerability analysis and mitigation

Manuskript through version 0.12.0 contains an insecure deserialization vulnerability (CVE-2021-35196) that allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file. The vulnerability exists due to insecure deserialization via the pickle.load() function in settings.py. This vulnerability is disputed as the vendor's position is that the product is not intended for opening untrusted project files (NVD).

The vulnerability exists in the settings.py file where pickle.loads() and pickle.load() functions are used to deserialize project settings without proper validation. The exploitation requires creating a malicious settings.pickle file and including it in a project file. The vulnerability can be triggered by loading a project without a MANUSKRIPT text file or VERSION text file, causing the project version to default to 0, which uses the vulnerable pickle module for deserialization (PizzaPower Blog). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

Successful exploitation of this vulnerability allows attackers to execute arbitrary code on the target system. This could potentially lead to complete system compromise, as demonstrated by proof-of-concept code that can create a reverse shell on the affected system (PizzaPower Blog).

A pull request was submitted to remove the vulnerable functionality and deprecate the old pickled settings. Users are advised to avoid opening untrusted project files (PizzaPower Blog).

The vulnerability is marked as disputed in the NVD database, with the vendor stating that the product is not intended for opening untrusted project files. This has led to some discussion about the validity of the vulnerability classification (NVD).