XXE injection in PMML4S parser via malicious .pmml model file

Target: autodeployai/pmml4s (Scala) / pypmml (Python wrapper) Version: 1.5.8 (latest) Type: CWE-611 — XML External Entity (XXE)

Vulnerability

The PMML4S XML parser uses XMLInputFactory.newFactory() without disabling external entity resolution. A crafted .pmml file triggers XXE when loaded via pypmml.Model.fromFile() or fromString().

Root cause: pull.scala#L90-L99

PoC Files

File Impact
1_file_read_etc_passwd.pmml Reads /etc/passwd via file:/// entity
2_ssrf_http_request.pmml Sends HTTP request to attacker server via http:// entity
3_dos_billion_laughs.pmml Exponential entity expansion (memory exhaustion)

Reproduce

pip install pypmml==1.5.8
python reproduce.py

Requires Java 8+ (OpenJDK recommended).

Expected Output

[+] VULNERABLE — /etc/passwd was read by the XML parser
[+] SSRF RECEIVED: GET /SSRF_CONFIRMED from 127.0.0.1
[+] VULNERABLE — XML bomb loaded, entities expanded
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support