python-beaker is affected by Deserialization of untrusted data which could lead to Arbitrary code execution. References: https://github.com/bbangert/beaker/issues/191 https://www.openwall.com/lists/oss-security/2020/05/14/11
Created python-beaker tracking bugs for this issue: Affects: fedora-all [bug 1850106]
*** Bug 1849014 has been marked as a duplicate of this bug. ***
Flaw summary: If an attacker is able to enter malicious payloads into the cache database (e.g. if they are on the network and have creds for the database), they could get remote code execution on the machine running Beaker due to deserialization of data from the cache database by Pickle.
Mitigation: Implementing proper access control on the Beaker cache database, to prevent unauthorized writes into the database, will mitigate exploitation of this flaw. This flaw also cannot be triggered if the Cache functionality of Beaker is not used. When using the Session feature of Beaker, use the signing functionality to verify the integrity of the data retrieved from the database before deserialization.
There is not yet a patch for this but the maintainer has suggested implementing signing of the cache data upon commit to the database to be verified upon retrieval.