neural_magic_training.py -model directoryMITRE service request: 1987825
Status: RESERVED (pending a qualifying public reference per CNA Rules §5.3).
The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory path via the –model command-line argument, the function reads a module.py file from that directory and executes its contents directly using Python’s exec() function. This design does not validate or sanitize the file’s content, allowing an attacker who controls the input directory to execute arbitrary Python code in the context of the process running the script.
The training helper trusts a user-supplied --model directory, loads module.py from disk, and passes the file text to exec() in the global namespace. Anyone who can trick the operator into pointing --model at an attacker-controlled folder obtains instant arbitrary Python execution in that training job.
optimization/nebullvm/nebullvm/operations/optimizations/compressors/scripts/neural_magic_training.py.a6d302f912b481c94370811af6b11402f51d377f.-model pointing to a filesystem directory._load_model() reads module.py and executes it with exec(module_str, globals()) without sandboxing.-model).High whenever the script is run on multi-tenant or internet-synced workspaces without strict control over the --model path.
-model to directories that are not cryptographically trusted.exec() with safe import mechanisms or signed bundles; refuse unknown module.py.