PoC: wandb Artifact Download Path Traversal (CWE-22)
Vulnerability
The wandb Python SDK (tested on v0.24.2) contains multiple path traversal
vulnerabilities in artifact/file download functionality. The LogicalPath
class does NOT sanitize .. path components, and os.path.join() is used
unsafely with server-controlled paths, allowing arbitrary file write outside
the intended artifact download directory.
Affected Code
| # | File | Line | Sink |
|---|---|---|---|
| 1 | wandb/sdk/artifacts/artifact_manifest_entry.py | 174 | os.path.join(rootdir, self.path) |
| 2 | wandb/apis/public/files.py | 324 | os.path.join(root, self.name) |
| 3 | wandb/sdk/internal/internal_api.py | 2903 | os.path.join(out_dir, filename) |
Root Cause
wandb/sdk/lib/paths.py - LogicalPath.__new__() normalizes path separators
via PurePosixPath but does NOT reject .. components:
```python
LogicalPath("../../../.ssh/authorized_keys")
# Returns: '../../../.ssh/authorized_keys' (unchanged)
```
Attack Vector
A malicious artifact uploaded to wandb.ai (or served by a compromised server)
contains manifest entries with .. path traversal sequences. When any user
downloads the artifact via artifact.download(), files are written outside
the artifact directory to attacker-controlled locations.
Impact
- Arbitrary file write (overwrite .bashrc, .ssh/authorized_keys, cron jobs)
- Supply chain attack via public artifacts on wandb.ai
- CI/CD compromise via artifact downloads in pipelines
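The containment check that the `os.path.join()` sinks listed above lack, as an added example (not wandb's code and not its fix). It covers absolute paths and symlinks inside the download directory as well as `..` components. `safe_join`, `naive_join`, `audit_manifest_paths` and all sample paths except the `authorized_keys` one are hypothetical names and constructed values.

```python
import os
from pathlib import PurePosixPath

# Constructed sample manifest entry paths; the second one is the page's example.
SAMPLE_PATHS = [
    "model/weights.bin",
    "../../../.ssh/authorized_keys",
    "/etc/cron.d/job",
    "logs\\..\\..\\x",
]

def naive_join(root, untrusted):
    """The unsafe pattern: the server-supplied path decides where the write lands."""
    return os.path.normpath(os.path.join(root, untrusted))

def safe_join(root, untrusted):
    """Join an untrusted relative path onto root, raising ValueError on any escape."""
    # Treat backslashes as separators so they cannot hide a '..' component.
    posix = PurePosixPath(untrusted.replace("\\", "/"))
    if not posix.parts or posix.is_absolute() or ".." in posix.parts:
        raise ValueError(f"unsafe path: {untrusted!r}")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, *posix.parts))
    # Second check on the resolved path: a symlink already inside root
    # can redirect a write even when no '..' is present.
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError(f"path resolves outside root: {untrusted!r}")
    return target

def audit_manifest_paths(root, entry_paths):
    """Return ({path: resolved target}, [rejected paths]) for a list of entry paths."""
    accepted, rejected = {}, []
    for path in entry_paths:
        try:
            accepted[path] = safe_join(root, path)
        except ValueError:
            rejected.append(path)
    return accepted, rejected

if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()
    for p in SAMPLE_PATHS:
        print(f"{p!r}: naive join -> {naive_join(root, p)}")
    accepted, rejected = audit_manifest_paths(root, SAMPLE_PATHS)
    print("accepted:", accepted)
    print("rejected:", rejected)
```

Running the audit over a manifest's entry paths before calling `artifact.download()` surfaces traversal entries without writing any file.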
Running the PoC
```bash
pip install wandb
python3 poc_wandb_path_traversal.py
```
All 5 tests should show [VULN] status.