• Executive Summary

• We identified vulnerabilities in three open-source artificial intelligence/machine learning (AI/ML) Python libraries published by Apple, Salesforce and NVIDIA on their GitHub repositories.

• Vulnerable versions of these libraries allow remote code execution (RCE) when a model file with malicious metadata is loaded.

• Specifically, these libraries are:
  - NeMo: A PyTorch-based framework created by NVIDIA for research purposes, designed for the development of diverse AI/ML models and complex systems
  - Uni2TS: A PyTorch library created for research purposes that is used by Salesforce's Moirai, a foundation model for time series analysis that forecasts trends from vast datasets
  - FlexTok: A Python-based framework created for research purposes that enables AI/ML models to process images by handling the encoding and decoding functions, created by researchers at Apple and the Swiss Federal Institute of Technology's Visual Intelligence and Learning Lab

• These libraries are used in popular models on HuggingFace with tens of millions of downloads in total.

• The vulnerabilities stem from the libraries using metadata to configure complex models and pipelines, where a shared third-party library instantiates classes based on this metadata.

• Vulnerable versions of these libraries simply execute the provided data as code.

• This allows an attacker to embed arbitrary code in model metadata, which would automatically execute when vulnerable libraries load these modified mode
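The summary describes loaders that turn class names found in model metadata into live objects without checking them. The following is an added example, not code from the affected libraries or the shared library they use (which the page does not name); it assumes a Hydra-style `_target_` key and a constructed allowlist, and shows a loader that validates the whole metadata tree, nested entries included, before instantiating anything.

```python
import importlib
from typing import Any, Callable, Dict, List

# Constructed allowlist: the only dotted paths this loader may turn into objects.
ALLOWED_TARGETS = frozenset({"fractions.Fraction", "collections.OrderedDict"})
TARGET_KEY = "_target_"  # assumed metadata key naming the class to instantiate


def find_disallowed_targets(cfg: Any, path: str = "$") -> List[str]:
    """Walk the metadata tree and report every target not on the allowlist."""
    bad: List[str] = []
    if isinstance(cfg, dict):
        target = cfg.get(TARGET_KEY)
        if isinstance(target, str) and target not in ALLOWED_TARGETS:
            bad.append(f"{path}: {target}")
        for key, value in cfg.items():
            bad.extend(find_disallowed_targets(value, f"{path}.{key}"))
    elif isinstance(cfg, list):
        for i, value in enumerate(cfg):
            bad.extend(find_disallowed_targets(value, f"{path}[{i}]"))
    return bad


def _resolve(target: str) -> Callable[..., Any]:
    # Importing whatever dotted path untrusted metadata names is the unsafe
    # pattern described above; here it is only reached for allowlisted targets.
    module_name, _, attr = target.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


def _build(cfg: Any) -> Any:
    if isinstance(cfg, list):
        return [_build(v) for v in cfg]
    if not isinstance(cfg, dict):
        return cfg
    kwargs = {k: _build(v) for k, v in cfg.items() if k != TARGET_KEY}
    return _resolve(cfg[TARGET_KEY])(**kwargs) if TARGET_KEY in cfg else kwargs


def instantiate_safe(cfg: Dict[str, Any]) -> Any:
    """Validate the entire tree before building anything, so a bad nested entry
    cannot hide behind siblings that were already constructed."""
    bad = find_disallowed_targets(cfg)
    if bad:
        raise ValueError("refusing to load model metadata: " + "; ".join(bad))
    return _build(cfg)


# Constructed sample metadata: a benign config and one with a non-allowlisted target.
GOOD_CFG = {"_target_": "collections.OrderedDict",
            "ratio": {"_target_": "fractions.Fraction", "numerator": 1, "denominator": 3}}
BAD_CFG = {"_target_": "collections.OrderedDict",
           "hook": {"_target_": "os.system", "command": "<constructed placeholder>"}}
```

Validating before building matters because a loader that instantiates entries one by one may already have executed earlier entries by the time it hits the bad one.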
