skip to content
Back to GitHub.com
Home Bounties CodeQL Research Advisories Get Involved Events
November 2, 2020

GHSL-2020-141: Arbitrary code execution in DatabaseSchemaReader - CVE-2020-26207

Jaroslav Lobacevski

Summary

DatabaseSchemaViewer is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted .dbschema file.

Product

DatabaseSchemaReader

Tested Version

Master branch.

Details

Issue: DatabaseSchemaReader is using an unsafe serializer to open .dbschema files.

The user should be careful not to open .dbschema files from untrusted sources. See the Proof of Concept below.

Impact

While the file is opened as data, any arbitrary code defined in the file is executed without user consent.

Remediation

Use a safer serializer, XmlSerializer for example, that performs expected type checks. See Alvaro and Oleksandr slides for other safer serializer options.

CVE

Coordinated Disclosure Timeline

Resources

PoC

Credit

This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Lobačevski).

Contact

You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2020-141 in any communication regarding this issue.