RedisBackend tries to unpickle data it receives from redis without checking any signatures. This is a potential security issue: an adversary with access to the redis server could perform a code execution attack on application servers running beaker_redis code.
Generally a good way is to either sign the pickled data with a secret key and then check the signature before unpickling, or to use a serialization format such as JSON or msgpack.
Beaker can already sign (and encrypt) session data but this is now being bypassed at the backend level.
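As an added example (not code from this issue, from Beaker, or from beaker_redis), the three options the post contrasts, side by side: the trusting pickle path the issue describes, pickle with an HMAC checked before `pickle.loads`, and JSON. A plain dict stands in for the redis server, `FakeRedisBackend` is a hypothetical stand-in for the real backend, `SECRET_KEY` is a constructed example secret, and `attacker_callback` is a harmless function that records that it ran rather than doing anything destructive.

```python
import hashlib
import hmac
import json
import pickle

# Constructed for this example only; a real deployment loads the key from
# configuration and never hardcodes it.
SECRET_KEY = b"example-secret-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def _tag(secret: bytes, payload: bytes) -> bytes:
    """HMAC-SHA256 over the serialized bytes."""
    return hmac.new(secret, payload, hashlib.sha256).digest()


class PlainPickleSerializer:
    """The behaviour the issue describes: trusts whatever bytes come back."""
    def dumps(self, obj):
        return pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)

    def loads(self, blob):
        return pickle.loads(blob)


class SignedPickleSerializer:
    """Pickle plus a keyed MAC; the MAC is verified before pickle.loads runs."""
    def __init__(self, secret: bytes):
        self.secret = secret

    def dumps(self, obj):
        payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
        return _tag(self.secret, payload) + payload

    def loads(self, blob):
        if len(blob) < TAG_LEN:
            raise ValueError("blob too short to carry a signature")
        tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
        # Constant-time compare so the check itself does not leak the tag.
        if not hmac.compare_digest(tag, _tag(self.secret, payload)):
            raise ValueError("bad signature: refusing to unpickle")
        return pickle.loads(payload)


class JsonSerializer:
    """Format alternative: json.loads cannot instantiate arbitrary objects."""
    def dumps(self, obj):
        return json.dumps(obj, separators=(",", ":")).encode("utf-8")

    def loads(self, blob):
        return json.loads(blob.decode("utf-8"))


class FakeRedisBackend:
    """Hypothetical stand-in for a redis session backend; a dict plays redis."""
    def __init__(self, store, serializer):
        self.store, self.serializer = store, serializer

    def set(self, key, value):
        self.store[key] = self.serializer.dumps(value)

    def get(self, key):
        return self.serializer.loads(self.store[key])


EXECUTED = []


def attacker_callback(marker):
    """Harmless stand-in for what an attacker would call (e.g. os.system)."""
    EXECUTED.append(marker)
    return {"user": "attacker"}


class MaliciousObject:
    """Pickling this emits a REDUCE that calls attacker_callback on load."""
    def __reduce__(self):
        return (attacker_callback, ("attacker code ran",))


SESSION = {"user": "alice", "roles": ["admin"]}  # constructed sample session


def unsafe_backend_executes_attacker_code():
    store = {}
    backend = FakeRedisBackend(store, PlainPickleSerializer())
    backend.set("session:1", SESSION)
    store["session:1"] = pickle.dumps(MaliciousObject())  # adversary rewrites redis
    EXECUTED.clear()
    backend.get("session:1")  # pickle.loads runs attacker_callback
    return EXECUTED == ["attacker code ran"]


def signed_backend_rejects_tampering():
    store = {}
    backend = FakeRedisBackend(store, SignedPickleSerializer(SECRET_KEY))
    backend.set("session:1", SESSION)
    # The adversary knows the format but not the key, so any tag they attach
    # (here one made with a guessed key) fails verification.
    evil = pickle.dumps(MaliciousObject())
    store["session:1"] = _tag(b"guessed-key", evil) + evil
    EXECUTED.clear()
    try:
        backend.get("session:1")
    except ValueError:
        return EXECUTED == []  # rejected before any unpickling happened
    return False


def signed_roundtrip():
    backend = FakeRedisBackend({}, SignedPickleSerializer(SECRET_KEY))
    backend.set("session:1", SESSION)
    return backend.get("session:1")


def json_roundtrip():
    backend = FakeRedisBackend({}, JsonSerializer())
    backend.set("session:1", SESSION)
    return backend.get("session:1")
```

The signed variant keeps pickle's ability to store arbitrary Python objects but makes the store's contents as trustworthy as the key; anyone who can write to redis but does not hold the key can only cause a `ValueError`. The JSON variant removes the unpickle step entirely, at the cost of only round-tripping JSON-compatible values.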
frgtn changed the title from "Arbitrary data being unpickled allows code execution" to "Arbitrary data being unpickled may allow code execution" on Nov 9, 2016