It has been confirmed that this vulnerability can be exploited by an attacker to execute arbitrary Python code in any application that uses d8s-uuids. The attacker needs no special access to the target: it is enough that the affected d8s-uuids package is installed in the target's Python environment and that some code path imports and calls it. Any application that uses the library is exposed, including web applications; for example, a Flask view that calls d8s_uuids() reaches the affected code. Once the injected code runs, the attacker controls the process with the application's privileges and can use that for data theft or for further code execution. It is recommended that users update d8s-uuids to a version that is not affected, and that they audit their environments for the package until they have done so.

D8s-uuids - An Overview

The d8s-uuids library is a Python module for working with UUIDs (generating and handling universally unique identifiers). It is implemented in pure Python, with no compiled extensions such as ctypes bindings, so it runs on any platform that has a Python interpreter.
The API is documented: https://docs.python-guide.org/en/latest/modules/d8s/index.html

Vulnerability overview

The vulnerability is present in the d8s-uuids library, a Python library used to work with UUIDs. The affected package allows arbitrary Python code to run inside any application that imports it, so an attacker can execute code on any host that uses the library, web applications included. Once the library is loaded, the attacker's code runs with the privileges of the importing process and can act on any data or objects that process handles.

What is d8s-uuids?

D8s-uuids is a third-party Python package for generating and working with UUIDs, distributed through PyPI. It is not part of the standard library and is not installed by default; it builds on the standard library's uuid module, which provides basic UUID generation on its own.
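Because the only precondition for exploitation is that the affected package is present in the environment, the first thing a practitioner wants is a way to find it. The script below is an added example, not code from the original page or from the d8s-uuids project: it checks a pip-freeze style listing (a constructed sample is embedded; it is not output from any real system) and, optionally, the live interpreter via importlib.metadata, normalizing package names per PEP 503 so that spellings such as `D8s_UUIDs` still match. The package name `d8s-uuids` is taken from the advisory; the sample version numbers are constructed.

```python
"""Audit a Python environment for the d8s-uuids package (added example)."""
import re
from importlib import metadata

# Constructed sample of `pip freeze` output; not taken from any real system.
SAMPLE_FREEZE = """\
Flask==2.2.2
# pinned for the web tier
D8s_UUIDs==0.1.0
requests==2.28.1
"""

# Package named in the advisory. Any installed version is reported.
AFFECTED_PACKAGE = "d8s-uuids"


def normalize(name: str) -> str:
    """PEP 503 name normalization: runs of '-', '_' and '.' become '-', lowercased."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_freeze(text: str) -> dict:
    """Return {normalized_name: version} from pip-freeze style 'name==version' lines.

    Blank lines, comments and non-pinned lines are ignored.
    """
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)", line)
        if m:
            found[normalize(m.group(1))] = m.group(2)
    return found


def find_affected(installed: dict, package: str = AFFECTED_PACKAGE):
    """Return the installed version string of `package`, or None if absent."""
    return installed.get(normalize(package))


def installed_distributions() -> dict:
    """Live environment: {normalized_name: version} for every installed distribution."""
    return {
        normalize(dist.metadata["Name"]): dist.version
        for dist in metadata.distributions()
        if dist.metadata["Name"]
    }


def dependency_chain(package: str = AFFECTED_PACKAGE) -> list:
    """Transitive Requires-Dist names of `package` in the live environment.

    Returns an empty list if the package is not installed. Useful because the
    affected code may be pulled in through a dependency rather than directly.
    """
    seen, queue, order = set(), [normalize(package)], []
    while queue:
        name = queue.pop(0)
        if name in seen:
            continue
        seen.add(name)
        try:
            reqs = metadata.requires(name) or []
        except metadata.PackageNotFoundError:
            continue
        order.append(name)
        for req in reqs:
            # Keep only the distribution name; drop version specs and markers.
            dep = re.match(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
            if dep:
                queue.append(normalize(dep.group(1)))
    return order


if __name__ == "__main__":
    version = find_affected(parse_freeze(SAMPLE_FREEZE))
    print(f"sample listing: {AFFECTED_PACKAGE} version {version!r}")
    live = find_affected(installed_distributions())
    print(f"live environment: {AFFECTED_PACKAGE} version {live!r}")
    if live:
        print("pulled in with:", ", ".join(dependency_chain()))
```

Run it against `pip freeze > requirements.txt` output from each deployed environment, not only the development machine; the advisory's point is that the package only has to be present, so a host where nobody consciously "uses" d8s-uuids is still affected if a dependency installed it.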

Timeline

Published on: 09/19/2022 15:15:00 UTC
Last modified on: 09/21/2022 15:37:00 UTC

References