PMML XXE PoC - pypmml/pmml4s
Security Research: This repository contains a proof-of-concept PMML model file demonstrating an XXE (XML External Entity) vulnerability in pypmml/pmml4s.
Affected Software
- pypmml <= 1.5.8 (Python)
- pmml4s (Scala/Java backend)
Vulnerability
The pmml4s XML parser uses XMLInputFactory.newFactory() with default settings,
enabling external entity resolution. A malicious PMML file can trigger:
- SSRF (Server-Side Request Forgery)
- Local file read via file:// protocol
- Out-of-band data exfiltration
Reproduction
pip install pypmml
python3 -c "from pypmml import Model; Model.fromFile('malicious_model.pmml')"
When loaded, the parser resolves the external entity, making an HTTP request to the URL specified in the DTD declaration.
Fix
val factory = XMLInputFactory.newFactory()
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false)
factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false)
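Where the pmml4s parser configuration cannot be changed directly, a caller can refuse any PMML file that declares a DTD before passing it to pypmml. The following is an added example, not code from this repository or from pypmml/pmml4s; `check_pmml_bytes`, `is_safe_pmml`, `load_checked` and both sample documents are constructed for illustration.

```python
import xml.parsers.expat

# Constructed samples: a minimal benign PMML and one carrying a DTD.
BENIGN = b'<?xml version="1.0"?><PMML version="4.4"><Header/></PMML>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE PMML [<!ENTITY x SYSTEM "http://example.invalid/">]>'
            b'<PMML version="4.4"><Header>&x;</Header></PMML>')


class UnsafePMML(ValueError):
    """The document declares a DTD/entity or is not well-formed XML."""


def check_pmml_bytes(data: bytes) -> None:
    """Raise UnsafePMML if data has a DOCTYPE or entity declaration."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafePMML(f"DOCTYPE declaration ({name!r}) rejected")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafePMML(f"entity declaration ({name!r}) rejected")

    # expat calls these handlers while parsing; it fetches nothing itself.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafePMML(f"not well-formed XML: {exc}") from exc


def is_safe_pmml(data: bytes) -> bool:
    """Boolean form of check_pmml_bytes for use in filters."""
    try:
        check_pmml_bytes(data)
    except UnsafePMML:
        return False
    return True


def load_checked(path: str):
    """Hypothetical wrapper: vet the file, then hand it to pypmml."""
    with open(path, "rb") as fh:
        check_pmml_bytes(fh.read())
    # The file must not be replaceable between the check and the load.
    from pypmml import Model  # imported lazily; needs pypmml and a JVM
    return Model.fromFile(path)
```

A pre-load check like this reduces exposure for callers but does not replace the parser-level fix, since the check and pmml4s use different XML parsers.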
Disclaimer
This is for authorized security research only. Do not use for malicious purposes.