msgpack-numpy RCE PoC (CWE-502)

DO NOT LOAD THIS FILE IN AN UNCONTROLLED ENVIRONMENT

This repository contains a proof-of-concept .msgpack file that demonstrates arbitrary code execution via msgpack_numpy.unpackb().

Vulnerability

msgpack_numpy.decode(), at lines 99-100, calls pickle.loads(obj[b'data']) with no validation when obj[b'kind'] == b'O'. An attacker who distributes a crafted .msgpack file can therefore run arbitrary code in any victim process that loads it with msgpack_numpy.unpackb().

Reproduction

import msgpack_numpy

# Read the crafted file shipped in this repository
with open("malicious.msgpack", "rb") as f:
    data = f.read()

msgpack_numpy.unpackb(data, raw=False)  # RCE triggers here
# Creates /tmp/msgpack-rce-proof.txt with content "EXPLOITED"

Affected

  • msgpack-numpy 0.4.8 (latest, all versions affected)
  • 842,000 monthly PyPI downloads
  • Unmaintained since July 2024
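
Mitigation sketch (an added example, not part of this repository or of msgpack-numpy): a guard that rejects any map with kind b'O' before it reaches the decoder, plus a scanner for data already decoded with plain msgpack. The names guarded_hook, find_pickled_arrays and the sample maps are hypothetical; the usage line in the last comment is an assumption about how the hook would be wired in.

```python
# Added example (not from msgpack-numpy): refuse maps that select the pickle path.
PICKLE_KIND = b"O"  # obj[b'kind'] value that sends obj[b'data'] to pickle.loads()


class PickledArrayRejected(ValueError):
    """A decoded map requested the pickle-backed object-dtype path."""


def _field(obj, name):
    # Keys arrive as bytes; str keys are also checked (assumption, fail-closed).
    return obj.get(name.encode(), obj.get(name))


def is_pickled_array(obj):
    if not isinstance(obj, dict):
        return False
    kind = _field(obj, "kind")
    if isinstance(kind, str):
        kind = kind.encode()
    return kind == PICKLE_KIND


def guarded_hook(inner_decode):
    """Wrap an object_hook so a kind 'O' map is rejected before it is decoded."""
    def hook(obj):
        if is_pickled_array(obj):
            raise PickledArrayRejected("kind 'O' array refused: data would be unpickled")
        return inner_decode(obj)
    return hook


def find_pickled_arrays(tree, path="$"):
    """List paths of kind 'O' maps in data decoded by plain msgpack (no numpy hook)."""
    hits = []
    if isinstance(tree, dict):
        if is_pickled_array(tree):
            hits.append(path)
        for key, value in tree.items():
            hits += find_pickled_arrays(value, f"{path}[{key!r}]")
    elif isinstance(tree, (list, tuple)):
        for index, value in enumerate(tree):
            hits += find_pickled_arrays(value, f"{path}[{index}]")
    return hits


# Constructed sample maps (placeholders, not real payloads).
BENIGN = {b"kind": b"", b"data": b"\x00" * 16}
SUSPECT = {b"kind": b"O", b"data": b"<pickle bytes placeholder>"}
# Assumed usage: msgpack.unpackb(data, object_hook=guarded_hook(msgpack_numpy.decode), raw=False)
```

The guard matches on kind alone, so it also refuses legitimate object-dtype arrays; that trade-off is intentional for files from untrusted sources.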