add clarification to research methodology by including a step for solution comparison and user consultation

This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-03-17 18:43:57 +02:00
parent d764250f9a
commit b419e2c04a
35 changed files with 6030 additions and 0 deletions
@@ -0,0 +1,241 @@
# Security CVE Research: Python Dependencies (Late 2025 March 2026)
Research date: March 14, 2026. Covers CVEs and security issues for packages used in the GPS-denied solution (solution_draft05).
---
## 1. Summary Table
| Package | Current Version | CVE ID | Severity | Mitigation | Source |
|---------|-----------------|--------|----------|------------|--------|
| **FastAPI** | ≥0.135.0 | None (core) | — | No action for core FastAPI | — |
| **FastAPI Api Key** | — | CVE-2026-23996 | Medium | Update to ≥1.1.0 or avoid | [GitLab Advisory](https://advisories.gitlab.com/pkg/pypi/fastapi-api-key/CVE-2026-23996) |
| **uvicorn** | — | CVE-2025-43859 (h11) | Critical 9.1 | Pin h11 ≥0.16.0 | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-43859) |
| **ONNX Runtime** | — | AIKIDO-2026-10185 | Medium | Upgrade to ≥1.24.1 | [Intel Aikido](https://intel.aikido.dev/cve/AIKIDO-2026-10185) |
| **ONNX** | — | CVE-2025-51480 | High 8.8 | Patch in ONNX 1.17+ | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-51480) |
| **aiohttp** | — | CVE-2025-69223, 69227, 69228, 69229, 69230, 69226, CVE-2025-53643 | High/Medium | Update to ≥3.13.3 | [oss-sec](https://seclists.org/oss-sec/2026/q1/24) |
| **python-jose** | 3.5.0 | CVE-2024-29370, 33663, 33664; unfixed 2026 issues | Medium | **Replace with PyJWT** | [OpenCVE](https://app.opencve.io/cve/?vendor=python-jose_project) |
| **PyTorch** | ≥2.10.0 | CVE-2026-24747 (fixed in 2.10.0) | High 8.8 | Already mitigated | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-24747) |
| **Pillow** | ≥11.3.0 | CVE-2026-25990 | High 7.5 | **Upgrade to ≥12.1.1** | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-25990) |
| **GTSAM** | 4.2 | None found | — | Monitor | — |
| **numpy** | — | AIKIDO-2025-10325 (2.2.x) | Low | Upgrade to ≥2.2.6 if on 2.2.x | [Intel Aikido](https://intel.aikido.dev/cve/AIKIDO-2025-10325) |
| **safetensors** | — | Metadata RCE (under review) | TBD | Monitor; avoid unsafe metadata parsing | [huggingface_hub #3863](https://github.com/huggingface/huggingface_hub/issues/3863) |
---
## 2. Detailed Findings by Package
### 2.1 FastAPI (≥0.135.0)
**Core FastAPI**: No CVEs affecting the main FastAPI package in 20252026.
**Related packages** (if used):
- **CVE-2026-23996** (FastAPI Api Key): Timing side-channel in `verify_key()`; update to ≥1.1.0.
- **CVE-2026-2978** (FastApiAdmin): Unrestricted file upload; update to ≥2.2.1.
- **CVE-2025-68481** (fastapi-users): OAuth CSRF; update to ≥15.0.2.
**Recommendation**: No change for core FastAPI. If using FastAPI Api Key, FastApiAdmin, or fastapi-users, upgrade those packages.
---
### 2.2 uvicorn
**CVE-2025-43859** (transitive via h11):
- **Severity**: Critical (CVSS 9.1)
- **Cause**: h11 <0.16.0 lenient parsing of chunked-encoding line terminators → HTTP request smuggling
- **Impact**: Security bypass, cache poisoning, session hijacking, data leakage
- **Fix**: Pin `h11>=0.16.0`. Uvicorn PR #2621 bumps h11 (merged May 2025).
**Recommendation**: Pin `h11>=0.16.0` in requirements. Use a uvicorn release that depends on h11 ≥0.16.0.
**Sources**: [NVD CVE-2025-43859](https://nvd.nist.gov/vuln/detail/CVE-2025-43859), [Uvicorn PR #2621](https://github.com/encode/uvicorn/pull/2621)
---
### 2.3 ONNX Runtime
**AIKIDO-2026-10185** (path traversal in model loading):
- **Affected**: ONNX Runtime 1.21.01.24.0
- **Issue**: External data references in TensorProto can use absolute paths or `../` traversal
- **Impact**: Load unintended files, data disclosure, unexpected behavior
- **Fix**: Upgrade to ONNX Runtime ≥1.24.1
**CVE-2025-51480** (ONNX library `save_external_data`):
- **Affected**: ONNX 1.17.0
- **Issue**: Path traversal in `save_external_data` → arbitrary file overwrite
- **Fix**: ONNX patches in PR #7040; use patched ONNX.
**Recommendation**: Use ONNX Runtime ≥1.24.1. Ensure ONNX dependency is patched for CVE-2025-51480.
**Sources**: [Intel Aikido AIKIDO-2026-10185](https://intel.aikido.dev/cve/AIKIDO-2026-10185), [NVD CVE-2025-51480](https://nvd.nist.gov/vuln/detail/CVE-2025-51480)
---
### 2.4 aiohttp
**Multiple CVEs fixed in 3.13.3** (released Jan 5, 2026):
| CVE | Severity | Issue |
|-----|----------|-------|
| CVE-2025-69223 | High | Zip bomb DoS via compressed request |
| CVE-2025-69228 | High | Large payload DoS (e.g. `Request.post()`) |
| CVE-2025-69227 | High | DoS via bypassed asserts when `PYTHONOPTIMIZE=1` |
| CVE-2025-69229 | Medium | Chunked message DoS (CPU exhaustion) |
| CVE-2025-69230 | Low | Cookie parser warning storm |
| CVE-2025-69226 | Low | Static file path brute-force |
| CVE-2025-53643 | — | HTTP request smuggling (fixed in 3.12.14) |
**Recommendation**: Upgrade to aiohttp ≥3.13.3.
**Sources**: [oss-sec 2026/Q1](https://seclists.org/oss-sec/2026/q1/24), [aiohttp GHSA-6mq8-rvhq-8wgg](https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg)
---
### 2.5 python-jose (JWT)
**Maintenance**: Effectively unmaintained; minimal activity for ~2 years. Current version 3.5.0.
**Known CVEs**:
- CVE-2024-29370: DoS via malicious JWE (5.3 Medium)
- CVE-2024-33663: Algorithm confusion with OpenSSH ECDSA keys (6.5 Medium)
- CVE-2024-33664: JWT bomb via compressed JWE (5.3 Medium)
- CVE-2025-61152: `alg=none` (disputed by maintainers)
**Unfixed 2026 issues** (per GitHub #398):
- DER key algorithm confusion
- Missing algorithm whitelisting
- Timing side-channels
**Recommendation**: **Replace with PyJWT**. Okta and others have migrated away from python-jose. PyJWT is actively maintained and has stronger security defaults.
**Sources**: [OpenCVE python-jose](https://app.opencve.io/cve/?vendor=python-jose_project), [Okta migration issue](https://github.com/okta/okta-jwt-verifier-python/issues/54), [python-jose #398](https://github.com/mpdavis/python-jose/issues/398)
---
### 2.6 PyTorch (≥2.10.0)
**CVE-2026-24747** (fixed in 2.10.0):
- **Severity**: High (CVSS 8.8)
- **Issue**: `weights_only` unpickler memory corruption via crafted `.pth` checkpoints
- **Impact**: RCE when loading malicious checkpoint with `torch.load(..., weights_only=True)`
- **Fix**: PyTorch ≥2.10.0
**CVE-2025-32434** (fixed in 2.6.0):
- **Severity**: Critical (CVSS 9.8)
- **Issue**: RCE via `torch.load(..., weights_only=True)` despite documentation
- **Fix**: PyTorch ≥2.6.0
**Recommendation**: Keep PyTorch ≥2.10.0. No new CVEs found after 2.10.0. Continue using `weights_only=True` and SHA256 checksums for weights.
---
### 2.7 Pillow (≥11.3.0)
**CVE-2026-25990** (PSD out-of-bounds write):
- **Affected**: 10.3.0 through before 12.1.1
- **Severity**: High (CVSS 7.5)
- **Issue**: Out-of-bounds write when loading crafted PSD images
- **Impact**: Memory corruption, possible RCE, crashes
- **Fix**: Upgrade to Pillow ≥12.1.1
**CVE-2025-48379** (DDS buffer overflow, fixed in 11.3.0):
- Already mitigated by Pillow ≥11.3.0.
**Recommendation**: **Upgrade to Pillow ≥12.1.1** to address CVE-2026-25990.
**Sources**: [NVD CVE-2026-25990](https://nvd.nist.gov/vuln/detail/CVE-2026-25990), [GitLab Advisory](https://advisories.gitlab.com/pkg/pypi/pillow/CVE-2026-25990/)
---
### 2.8 GTSAM (4.2)
**Findings**: No CVEs or known security issues for GTSAM 4.2 in public databases.
**Recommendation**: No change. Monitor GTSAM security advisories and CVE feeds.
---
### 2.9 numpy
**AIKIDO-2025-10325** (heap buffer overflow):
- **Affected**: NumPy 2.2.02.2.5
- **Issue**: `numpy.strings.find()` incorrect allocation → heap buffer overflow
- **Fix**: Upgrade to NumPy ≥2.2.6
**CVE-2025-62608** (MLX, not NumPy): Malicious `.npy` parsing in MLX; fixed in MLX 0.29.4. NumPy itself is not directly affected.
**Recommendation**: If using NumPy 2.2.x, upgrade to ≥2.2.6. Otherwise no action.
---
### 2.10 safetensors
**Known attack vectors** (research, not formal CVEs):
- Polyglot files: Malicious data appended after valid safetensors payload
- Header bombs: Large JSON headers causing DoS
- Model poisoning: Backdoors in fine-tuned weights
- Conversion hijacking: Hugging Face safetensors conversion service compromise (Feb 2024)
**Metadata RCE (under review)**:
- Report on huntr.com (Feb 2026) and [huggingface_hub #3863](https://github.com/huggingface/huggingface_hub/issues/3863)
- Related to metadata parsing in AI/ML libraries (e.g. Hydra `instantiate()`)
- Details still limited; embargo possible until resolution
**Recommendation**: Continue using safetensors for weights (safer than pickle). Avoid parsing metadata with unsafe deserialization. Monitor safetensors and huggingface_hub advisories.
---
## 3. Supply Chain & Model File Attacks
### PyTorch model weights
**Known CVEs**:
- CVE-2025-32434: RCE via `weights_only=True` (≤2.5.1) — fixed in 2.6.0
- CVE-2026-24747: Memory corruption in weights_only unpickler (<2.10.0) — fixed in 2.10.0
**No additional supply chain CVEs** found beyond these. Mitigations remain:
- PyTorch ≥2.10.0
- `weights_only=True` for all `torch.load()`
- SHA256 checksums for all weights
- Prefer safetensors where available
### ONNX model files
**Path traversal**:
- AIKIDO-2026-10185 (ONNX Runtime 1.211.24): External data path traversal
- CVE-2025-51480 (ONNX): `save_external_data` path traversal
**Recommendation**: Use ONNX Runtime ≥1.24.1. Load only ONNX models from trusted sources; validate external data paths.
---
## 4. Action Items for solution_draft05
| Priority | Action |
|----------|--------|
| **Critical** | Replace **python-jose** with **PyJWT** |
| **Critical** | Upgrade **Pillow** to ≥12.1.1 |
| **High** | Upgrade **aiohttp** to ≥3.13.3 |
| **High** | Pin **h11** ≥0.16.0 (uvicorn transitive) |
| **High** | Use **ONNX Runtime** ≥1.24.1 |
| **Medium** | If NumPy 2.2.x: upgrade to ≥2.2.6 |
| **Monitor** | safetensors metadata RCE; GTSAM advisories |
---
## 5. Source URLs
- [NVD CVE-2025-43859](https://nvd.nist.gov/vuln/detail/CVE-2025-43859) — h11/uvicorn
- [NVD CVE-2025-51480](https://nvd.nist.gov/vuln/detail/CVE-2025-51480) — ONNX
- [NVD CVE-2025-53643](https://nvd.nist.gov/vuln/detail/CVE-2025-53643) — aiohttp request smuggling
- [NVD CVE-2025-69223](https://nvd.nist.gov/vuln/detail/CVE-2025-69223) — aiohttp zip bomb
- [NVD CVE-2026-24747](https://nvd.nist.gov/vuln/detail/CVE-2026-24747) — PyTorch
- [NVD CVE-2026-25990](https://nvd.nist.gov/vuln/detail/CVE-2026-25990) — Pillow PSD
- [Intel Aikido AIKIDO-2026-10185](https://intel.aikido.dev/cve/AIKIDO-2026-10185) — ONNX Runtime
- [Intel Aikido AIKIDO-2025-10325](https://intel.aikido.dev/cve/AIKIDO-2025-10325) — NumPy
- [aiohttp GHSA-6mq8-rvhq-8wgg](https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg)
- [oss-sec aiohttp 2026/Q1](https://seclists.org/oss-sec/2026/q1/24)
- [Uvicorn PR #2621](https://github.com/encode/uvicorn/pull/2621) — h11 bump
- [safetensors metadata RCE #3863](https://github.com/huggingface/huggingface_hub/issues/3863)
- [python-jose unmaintained (Okta)](https://github.com/okta/okta-jwt-verifier-python/issues/54)
- [python-jose security issues #398](https://github.com/mpdavis/python-jose/issues/398)
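Review bot: the ONNX library fix version is inconsistent between the summary table and section 2.3, and the action table then drops it entirely. The summary row says "Patch in ONNX 1.17+", while 2.3 lists "Affected: ONNX 1.17.0" and "ONNX patches in PR #7040; use patched ONNX", and section 4 only carries "Use ONNX Runtime ≥1.24.1" with no item for the ONNX package itself, so CVE-2025-51480 has no concrete version target anywhere. Take the first patched ONNX release from the NVD entry or PR #7040 already cited in 2.3, state the same value in the summary row and in 2.3, and add a matching row to the section 4 table. Separately, the range separators have been lost in several places ("Late 2025 March 2026", "20252026", "ONNX Runtime 1.21.01.24.0", "NumPy 2.2.02.2.5", "ONNX Runtime 1.211.24"), so affected ranges read as single version numbers; write them out as "1.21.0 to 1.24.0" and the like, and reword 2.7's "10.3.0 through before 12.1.1" as "10.3.0 up to but not including 12.1.1".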