Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default yaml loader is unsafe #1696

Closed
JulesDT opened this issue Dec 6, 2018 · 2 comments
Closed

Default yaml loader is unsafe #1696

JulesDT opened this issue Dec 6, 2018 · 2 comments

Comments

@JulesDT
Copy link

JulesDT commented Dec 6, 2018

Hello !

I think there is an issue in the yaml_loader method in /utils/__init__.py. The default loader used to load templates is unsafe and might lead to an RCE.

mkdocs/mkdocs/utils/__init__.py

Line 62 in cc03fd0

def yaml_load(source, loader=yaml.Loader):

This should rather be the SafeLoader by default to avoid someone loading a malicious template to execute arbitrary code.
@JulesDT JulesDT mentioned this issue Dec 6, 2018
Closed
@JulesDT
Copy link
Author

JulesDT commented Dec 6, 2018
edited

I made a PR to fix this issue (#1697), as well as a small PoC of this vulnerability available here: https://github.com/JulesDT/mkdocs-theme-rce-poc

@waylan
Copy link
Member

waylan commented Dec 6, 2018

This is a duplicate of #1529

@waylan waylan closed this as completed Dec 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

use SafeLoader instead of the default Pyyaml loader JulesDT/mkdocs
2 participants
@waylan @JulesDT