The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the --clip_values and --input_shape command-line arguments. This allows an attacker to inject arbitrary Python code into these arguments, which will be executed when eval() is called. The vulnerability can be exploited remotely if an attacker can control these arguments (e.g., through pipeline configuration or automated scripts), leading to arbitrary code execution on the system running the ART evaluation.
The vulnerability is located in the robustness_evaluation_fgsm_pytorch.py script included in the Kubeflow component of the ART library. The script calls the eval() function to parse values passed through the --clip_values and --input_shape arguments. An attacker who can control the values of these arguments — for example, through Kubeflow pipeline configuration or automated scripts — can inject arbitrary Python code that will be executed when eval() is called. The exploit can be executed remotely without authentication if user input reaches these arguments without prior validation.
An attacker can execute arbitrary code on the system running ART evaluation, leading to full system compromise, including violations of data confidentiality, integrity, and availability.
Apply patches available from the vendor according to references. Until updates are applied, it is recommended to avoid passing untrusted values to the --clip_values and --input_shape arguments and to restrict access to Kubeflow pipeline configurations only to trusted users.
Adversarial Robustness Toolbox (ART) in versions up to and including 1.20.1, Kubeflow component (robustness_evaluation_fgsm_pytorch.py file)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H