@kxbnb kxbnb commented Jan 19, 2026

Summary
Fixes the RCE vulnerability reported in #676 by changing typ="unsafe" to typ="safe" in init_similar_cache_from_config().

Changes

  • Changed YAML(typ="unsafe", pure=True) to YAML(typ="safe", pure=True) in gptcache/adapter/api.py

Why this is safe
The config file only needs to load plain data (strings, dicts, lists, numbers). Safe YAML handles all of these. The unsafe mode was never needed; it just allowed arbitrary Python object instantiation, which is the root cause of the vulnerability.

Testing

  • Verified safe YAML correctly parses valid config structures
  • Verified malicious payloads are blocked with ConstructorError

Fixes #676

Changes typ="unsafe" to typ="safe" in init_similar_cache_from_config()
to prevent arbitrary code execution via malicious config files.

Fixes zilliztech#676

Signed-off-by: karthik <[email protected]>
@sre-ci-robot (Collaborator) commented

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kxbnb
To complete the pull request process, please assign cxie after the PR has been reviewed.
You can assign the PR to them by writing /assign @cxie in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details: Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kxbnb (Author) commented Jan 21, 2026

/assign @cxie


Development

Successfully merging this pull request may close these issues.

[vulnerability]: Remote Code Execution (RCE) via Unsafe YAML Deserialization in GPTCache Server