CVE-2021-38305 allows attackers to bypass existing protections and run arbitrary Python code by manipulating the schema file provided as input to Yamale, according to the JFrog security research team. A 23andMe spokesperson told ZDNet that 23andMe Security was notified of a workaround to a patch made to Yamale, the open-source library created by the company to verify that YAML files are in the right format and have all the correct fields. In a blog post and in interviews with ZDNet, JFrog’s senior director of security research Shachar Menashe said the vulnerability is “extremely severe if the prerequisites for the attack exist, due to the fact that the impact is the highest (remote code execution) and exploitation is trivial and stable (command injection).” The blog highlights the cases where the team believes the vulnerability would be most exploitable. “The JFrog security research team is currently conducting a scan of the entire PyPI database in order to improve the landscape of open source Python code. By automatically detecting vulnerabilities and disclosing them, our goal is to help mitigate vulnerabilities that threaten customer systems and national infrastructure,” Menashe said. “The finding was discovered using our automated vulnerability detection technology; these are the same types of code scanners that found the malicious PyPI packages that we disclosed in July. We are running our scanners on the entire PyPI database and performing responsible disclosures on all found vulnerabilities after we verify them. Since Yamale is available through PyPI, it was scanned as part of this effort. 23andMe actually wrote Yamale for use as an internal tool.” Yamale is a popular schema validator for YAML that’s used widely. An attacker that can control the contents of the schema file that’s supplied to Yamale can provide a seemingly valid schema file that will cause arbitrary Python code to run, Menashe explained. Menashe noted the underlying issue is that through Python reflection, an attacker can “claw back” any needed builtins and run arbitrary code. In the blog post, JFrog researchers said an attacker needs to be able to specify the contents of the schema file in order to inject Python code, but noted that this can be exploited remotely if some piece of vendor code allows an attacker to do that. The most likely exploitation, the security company said, would involve vulnerabilities triggered through command line parameters via a separate parameter injection issue. JFrog Security CTO Asaf Karas added that because YAML is so popular, compatible, and widely used, it’s often the target of attacks. “This gap allows attackers that can provide an input schema file to perform Python code injection that leads to code execution with the privileges of the Yamale process. We recommend sanitizing any input going to eval() extensively and – preferably - replacing eval() calls with more specific APIs required for your task,” Karas said. The company lauded Yamale’s maintainers for validating and fixing the issue “in record time” and for “responsibly creating a CVE for the issue after the fixed version was available.” The 23andMe spokesperson said the original patch was intended to cover a vulnerability for users parsing untrusted YAML schema. “YAML files have remained unaffected and are parsed with a safe loader. 23andMe is actively working on a solution. In the meantime, we will add a note on the project readme that more explicitly states that YAML schemas should always come from a trusted source,” the spokesperson said. “This tool is not implemented in any 23andMe company processes and doesn’t affect the customer experience or customer data in any way. We are grateful for the white hat hackers who alerted our team and invite others to join our recently established Bug Bounty Program,” the company added.