Headline
GHSA-5m22-cfq9-86x6: Pickle serialization vulnerable to Deserialization of Untrusted Data
What
We are using pickle as default serialization module but that has known security issues (see e.g. https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9).
In summary, it is not advisable to open Pickles that you create yourself locally. In vantage6, algorithms use pickles to send aggregated data around and to pack algorithm input or output. All of the Python algorithms that use the wrappers with default serialization are therefore vulnerable to this issue.
Solution: we should use JSON instead
Impact
All users of vantage6 that post tasks with algorithms that use the default serialization. The default serialization is used by default with all algorithm wrappers.
Patches
Not yet
Workarounds
Specify JSON serialization
Package
pip vantage6 (pip)
Affected versions
<= 4.0.2
Patched versions
None
Description
What
We are using pickle as default serialization module but that has known security issues (see e.g. https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9).
In summary, it is not advisable to open Pickles that you create yourself locally. In vantage6, algorithms use pickles to send aggregated data around and to pack algorithm input or output. All of the Python algorithms that use the wrappers with default serialization are therefore vulnerable to this issue.
Solution: we should use JSON instead
Impact
All users of vantage6 that post tasks with algorithms that use the default serialization. The default serialization is used by default with all algorithm wrappers.
Patches
Not yet
Workarounds
Specify JSON serialization
References
- GHSA-5m22-cfq9-86x6
- https://nvd.nist.gov/vuln/detail/CVE-2023-23930
- vantage6/vantage6@e62f03b
- https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400
- https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9
frankcorneliusmartin published to vantage6/vantage6
Oct 11, 2023
Published to the GitHub Advisory Database
Oct 13, 2023
Reviewed
Oct 13, 2023
Last updated
Oct 13, 2023
Related news
vantage6 is privacy preserving federated learning infrastructure. Versions 4.0.2 and prior use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. No patches are currently available, but users may specify JSON serialization as a workaround.