Описание
MONAI does not prevent path traversal, potentially leading to arbitrary file writes
Summary
The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. When the Zip file containing malicious content is decompressed, it will overwrite the system files. In addition, the project allows the download of the zip content through the link, which increases the scope of exploitation of this vulnerability.
When reproducing locally, follow the process below to create a malicious zip file and simulate the process of remotely downloading the zip file.
Then start the http service through python
Another terminal simulates a normal user downloading zip content from the Internet, perhaps from some popular forums or blogs, such as huggingface, etc.
We can see that malicious.txt was indeed extracted to the root directory, demonstrating that the path traversal successfully wrote the malicious file. If the Zip file contains SSH keys, malicious content that automatically loads when the user boots the computer, or overwrites legitimate user files, causing services to become inoperable, these actions could cause extremely serious damage.
Impact
Arbitrary file write
Repair Suggestions
Check the contents of the downloaded Zip file, or use a safer method to load it
Пакеты
monai
<= 1.5.0
1.5.1
Связанные уязвимости
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function `zip_file.extractall(output_dir)` is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious content is decompressed, it overwrites the system files. In addition, the project allows the download of the zip content through the link, which increases the scope of exploitation of this vulnerability. As of time of publication, no known fixed versions are available.