It's possible to inject code via pickle module by using artifacts from older python2 release.
How to reproduce
- Create the payload using pickle
- Use module with unsafe
load combined with user input, such as medpy_intensity_range_standardization.py
- The standard execution will crash probably at the next operations but the injection is triggered at load time
Impact
Code execution and command injection
It's possible to inject code via
picklemodule by using artifacts from older python2 release.How to reproduce
load combined with user input, such asmedpy_intensity_range_standardization.pyImpact
Code execution and command injection