Platform: python
Component: django-make-app
Fixed in: 0.1.4
CVE-2017-16764 is a critical remote code execution (RCE) vulnerability affecting django-make-app versions up to 0.1.3. The flaw stems from insecure YAML parsing in the read_yaml_file function, which lets an attacker who controls a YAML file inject Python code that the parser executes. Successful exploitation can give an attacker complete control over the affected system, so patching or compensating controls are urgent.
The impact of CVE-2017-16764 is severe due to its potential for remote code execution. An attacker who can upload or modify a YAML file processed by django-make-app can inject arbitrary Python code. This code will be executed with the privileges of the user running the application, potentially granting the attacker full control over the server. This could involve data theft, system compromise, or even using the server as a launchpad for further attacks. The vulnerability's ease of exploitation, combined with the potential for widespread deployment of django-make-app, makes it a significant security risk. While no widespread exploitation has been publicly reported, the availability of a proof-of-concept significantly increases the likelihood of future attacks.
CVE-2017-16764 was publicly disclosed on July 13, 2018. A proof-of-concept (PoC) demonstrating the vulnerability's exploitation is publicly available, increasing the risk of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation and the availability of a PoC suggest a medium probability of exploitation, particularly in environments where django-make-app is used without proper input validation.
Web applications and services that utilize django-make-app, particularly those that allow user-supplied YAML files to be processed without proper validation, are at significant risk. Development environments and staging servers running vulnerable versions are also prime targets.
• python / server:
  Get-Process -Name python | Where-Object { $_.Path -like '*django-make-app*' } | Select-Object ProcessId, CommandLine
• python / server:
  # Select-String searches file contents; the original Get-ChildItem -Filter form only matched file names and never found the function
  Select-String -Path 'C:\path\to\django-make-app\io_utils.py' -Pattern 'read_yaml_file'
• generic web: Examine access logs for requests containing suspicious YAML payloads or unusual file extensions.
• generic web: Check for unusual processes running under the Python interpreter.
Exploit status: disclosure
EPSS: 3.07% (87th percentile)
CVSS vector:
The primary mitigation for CVE-2017-16764 is to upgrade to a patched version of django-make-app. Unfortunately, no official patched version has been released. As a workaround, validate every YAML file before it is processed and enforce strict input validation so that no tag or construct capable of executing code reaches the parser. Consider using a safer YAML parser that is less susceptible to code execution. Additionally, restrict read and write access to the YAML files to authorized users and processes only. After implementing these mitigations, verify them by attempting to load a known malicious YAML file in a safe, isolated environment and confirming that no code is executed.
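The workaround above as an added example (this is not django-make-app's own code): a stdlib validator that rejects explicit YAML tags, a read_yaml_file replacement built on PyYAML's yaml.safe_load, and two constructed sample documents; the os.getcwd tag in the second sample is a harmless stand-in used only to show that tagged input is refused.

```python
import re
from typing import Any

# Explicit tags (`!custom`, `!!python/object/apply:...`) are the mechanism the
# advisory describes; a plain app/model description for django-make-app never
# needs one, so any tag outside a quoted string is grounds to reject the file.
_QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"|\'[^\']*\'')
_TAG_RE = re.compile(r'(?<![\w"\'])!{1,2}[\w/:.\-]*')


def find_unsafe_tags(text: str) -> list[str]:
    """Return every explicit YAML tag found outside quotes and comments."""
    tags: list[str] = []
    for line in text.splitlines():
        line = _QUOTED_RE.sub("", line)   # ignore bangs inside quoted scalars
        line = line.split("#", 1)[0]      # ignore comments
        tags.extend(_TAG_RE.findall(line))
    return tags


def load_yaml_safe(text: str) -> Any:
    """Parse YAML as plain data only: validator first, then yaml.safe_load."""
    import yaml  # PyYAML; imported here so find_unsafe_tags() has no dependency
    tags = find_unsafe_tags(text)
    if tags:
        raise ValueError(f"refusing to parse YAML with explicit tags: {tags}")
    # safe_load builds only str/int/float/list/dict/...; it raises
    # ConstructorError on `!!python/` tags even if the validator were bypassed.
    return yaml.safe_load(text)


def read_yaml_file(path: str) -> Any:
    """Drop-in replacement for a read_yaml_file that used the unsafe yaml.load."""
    with open(path, encoding="utf-8") as fh:
        return load_yaml_safe(fh.read())


# Constructed sample: the kind of app description django-make-app consumes.
BENIGN_APP_SPEC = """\
app: blog
models:
  - name: Post
    fields: [title, body, published]   # field names only
"""

# Constructed sample: an explicit python tag. Unsafe yaml.load() would call the
# named function; the harmless os.getcwd stands in for any attacker-chosen name.
TAGGED_SPEC = """\
app: !!python/object/apply:os.getcwd []
"""
```

The validator catches the tag before any parser sees it, and safe_load is a second, independent layer that refuses the same input on its own.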
No official patch is available. Look for alternatives or monitor for updates.
CVE-2017-16764 is a critical remote code execution vulnerability in django-make-app versions up to 0.1.3. It allows attackers to execute arbitrary Python code by injecting malicious content into YAML files.
You are affected if you are using django-make-app version 0.1.3 or earlier. Carefully assess your environment for usage of this library.
Upgrade to a patched version of django-make-app. As no official patch exists, implement strict input validation and consider using a safer YAML parser as a workaround.
While no widespread exploitation has been confirmed, a public proof-of-concept exists, increasing the risk of exploitation.
No official advisory has been released by the django-make-app maintainers. Refer to the NVD entry for more information: https://nvd.nist.gov/vuln/detail/CVE-2017-16764