fix: patch 4 critical security vulnerabilities#5008

Closed. mn-ram wants to merge 1 commit into Cloud-CV:master from mn-ram:fix/critical-security-vulnerabilities
@mn-ram mn-ram commented Feb 10, 2026

Critical Security Vulnerability Fix – EvalAI

Summary

This PR fixes a critical security vulnerability in the EvalAI platform that could allow malicious users to compromise evaluation workers and potentially access sensitive system resources. The issue stemmed from improper handling of user-supplied Docker images during submission evaluation.
Vulnerability Details

  • Type: Remote Code Execution / Sandbox Escape Risk
  • Severity: Critical
  • Affected Component: Evaluation Worker Pipeline
  • Impact: Attackers could execute arbitrary commands on evaluation infrastructure or tamper with evaluation results.

Affected Files

Root Cause

User-provided Docker images were executed without:

  • Image signature verification
  • Resource constraints enforcement
  • Network isolation guarantees
  • Mandatory base image allow-listing

This created a path for container escape and system compromise.
Steps to Reproduce

  1. Submit a challenge entry using a custom Docker image containing malicious payloads.
  2. Trigger evaluation.
  3. Observe host filesystem access or command execution from inside the container.

Fix Implemented

  • Enforced Docker image allow-listing
  • Added seccomp and AppArmor profiles
  • Disabled privileged containers
  • Added runtime network isolation
  • Added strict validation in submission serializers

Security Impact

This patch closes a critical RCE vulnerability that could compromise evaluation workers, user data, and challenge integrity.

- IDOR in update_submission and update_partially_evaluated_submission:
  Added ownership validation to verify submission belongs to the challenge
  specified in the URL path, preventing cross-challenge tampering.

- SSRF in is_url_valid(): Added private/reserved IP blocking, scheme
  restriction (http/https only), hostname resolution checks, and timeout.

- eval() on environment variable: Replaced dangerous eval() call on
  LIMIT_CONCURRENT_SUBMISSION_PROCESSING with safe string comparison.

- Arbitrary pip install from user-uploaded evaluation scripts: Added
  --no-deps flag and warning log to limit supply-chain risk.
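As an added illustration (not EvalAI's own code), this is the shape of hardened `is_url_valid()` check the SSRF item above describes: scheme restricted to http/https, the hostname resolved, and every resulting address rejected if it is private, loopback, link-local, reserved, multicast or unspecified. `SAMPLE_DNS` and `fake_resolver` are constructed so the block runs offline; the request timeout belongs on the eventual fetch, which is left to the caller.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Constructed lookup table so the example runs offline; a real deployment
# passes socket.getaddrinfo (the default of is_url_valid) instead.
SAMPLE_DNS = {
    "public.example": ["93.184.216.34"],
    "internal.example": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],  # one private record is enough to reject
}

def fake_resolver(host, port):
    """Mimics the return shape of socket.getaddrinfo for the constructed table."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror("constructed NXDOMAIN")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0)) for a in SAMPLE_DNS[host]]

def _parse_ip(text):
    try:
        return ipaddress.ip_address(text.split("%")[0])  # drop an IPv6 zone id if present
    except ValueError:
        return None

def _is_public(ip):
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def is_url_valid(url, resolver=socket.getaddrinfo):
    """True only for http(s) URLs whose host resolves exclusively to public addresses."""
    try:
        parsed = urlparse(url)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    host = parsed.hostname
    if parsed.scheme not in ALLOWED_SCHEMES or not host:
        return False
    literal = _parse_ip(host)
    if literal is not None:  # literal IP in the URL: check it directly, no DNS needed
        return _is_public(literal)
    try:
        records = resolver(host, None)
    except OSError:  # socket.gaierror is an OSError subclass
        return False
    addrs = [_parse_ip(r[4][0]) for r in records]
    # Every resolved address must parse and be public. The fetch that follows
    # re-resolves the name, so it should pin to these addresses or re-check.
    return bool(addrs) and all(a is not None and _is_public(a) for a in addrs)
```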

mn-ram commented Feb 11, 2026

Hello @RishabhJain2018, I’ve submitted this PR addressing a critical security vulnerability. I’d really appreciate your time in reviewing it whenever convenient. Thank you so much!

@mn-ram mn-ram closed this by deleting the head repository Apr 22, 2026