You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected Version
Versions including 0.42 and below.
Describe the vulnerability boofcv.io.calibration.CalibrationIO.load(String) is designed to load camera calibration configurations. However, passing an unchecked argument to this API can lead to the execution of arbitrary codes. For instance, if we use CalibrationIO.load("example.yaml") to load camera calibration while the file "example.yaml" contains the following content:
To Reproduce
Just execute CalibrationIO.load("PoC.yaml"); would reproduce it.
Fix Suggestion
Using new Yaml(new SafeConstructor()) can fix it.
The text was updated successfully, but these errors were encountered:
LetianYuan
changed the title
There's a code injection vulnerability of boofcv.io.calibration.load
There's a code injection vulnerability of boofcv.io.calibration.CalibrationIO.loadJul 17, 2023
lessthanoptimal
changed the title
There's a code injection vulnerability of boofcv.io.calibration.CalibrationIO.load
In 0.42 and before there's a code injection vulnerability of boofcv.io.calibration.CalibrationIO.loadJul 19, 2023
Updated title to clarify that this has been fixed. I'll leave this ticket up for a little bit even though it's been resolved so that it encourages people to update.
Affected Version
Versions including 0.42 and below.
Describe the vulnerability
boofcv.io.calibration.CalibrationIO.load(String)
is designed to load camera calibration configurations. However, passing an unchecked argument to this API can lead to the execution of arbitrary codes. For instance, if we useCalibrationIO.load("example.yaml")
to load camera calibration while the file "example.yaml" contains the following content:malicious code in the
evil.jar
could be executed.To Reproduce
Just execute
CalibrationIO.load("PoC.yaml");
would reproduce it.Fix Suggestion
Using
new Yaml(new SafeConstructor())
can fix it.The text was updated successfully, but these errors were encountered: