PMML XXE PoC - pmml4s / pypmml (arbitrary file read + SSRF on model load)

Loading the malicious model file poc.pmml with pmml4s (or pypmml, which bundles it) triggers XML External Entity processing (CWE-611): the parser fetches an external DTD and reads a local file off the host. The model parses with no error, so the read is transparent.

Reproduce (offline, benign target: /etc/hostname)

  1. pip install pypmml (needs a JRE on PATH - pmml4s is a Scala/JVM library)

  2. python3 canary.py (starts a loopback observation listener on 127.0.0.1:8099)

  3. In another shell: python3 -c "from pypmml import Model; Model.fromFile('poc.pmml')"

  4. Observe the canary output:

    HIT /leak?d=HOSTNAME

    The parser read /etc/hostname and exfiltrated it = arbitrary file read (XXE). It also fetched evil.dtd from this repo = SSRF / external-entity resolution.

Files

  • poc.pmml - malicious PMML model; its DOCTYPE points at evil.dtd in this repo
  • evil.dtd - parameter-entity chain: reads file:///etc/hostname, exfils to 127.0.0.1:8099 (loopback)
  • canary.py - local listener so you can observe the read (loopback only)

Root cause

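org/pmml4s/xml/pull.scala: val factory = XMLInputFactory.newFactory is used without setting SUPPORT_DTD=false / IS_SUPPORTING_EXTERNAL_ENTITIES=false, so the parser processes the DOCTYPE and resolves the external entities it declares. Fix: disable DTD support.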
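
Until the factory is hardened in the library, a caller can refuse DTD-bearing input before pypmml sees it. The guard below is an added example, not code from this repo or from pmml4s/pypmml; the function names and sample documents are constructed for illustration, and it assumes the installed pypmml provides Model.fromBytes.

```python
import xml.parsers.expat

# Constructed samples (not the repo's poc.pmml); dtd.invalid never resolves.
SAMPLE_WITH_DTD = (b'<?xml version="1.0"?>\n'
                   b'<!DOCTYPE PMML SYSTEM "http://dtd.invalid/evil.dtd">\n'
                   b'<PMML version="4.4"/>')
SAMPLE_CLEAN = b'<?xml version="1.0"?>\n<PMML version="4.4"><Header/></PMML>'


class DoctypeRejected(ValueError):
    """The input declares a DOCTYPE, which this guard refuses outright."""


def assert_no_doctype(data: bytes) -> None:
    """Raise DoctypeRejected if `data` contains a DOCTYPE declaration.

    expat only reports the declaration here; with no external-entity handler
    installed it fetches nothing, so the check does no file or network I/O.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any entity declaration is processed; abort right away.
        raise DoctypeRejected(
            f"DOCTYPE {name!r} (system id {system_id!r}) refused")

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc


def load_pmml_checked(path: str):
    """Hypothetical wrapper: vet the bytes, then load those same bytes."""
    with open(path, "rb") as fh:
        data = fh.read()
    assert_no_doctype(data)
    from pypmml import Model  # lazy import: needs pypmml and a JRE
    return Model.fromBytes(data)  # same bytes that were vetted, no re-read
```

This is a stopgap for untrusted model files; the durable fix remains the factory settings named above.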
