DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-5R2P-PJR8-7FH7: Remote Code Execution in AWS SageMaker Python SDK via Unsafe eval()

#security #cve #cybersecurity #ghsa

Remote Code Execution in AWS SageMaker Python SDK via Unsafe eval()

Vulnerability ID: GHSA-5R2P-PJR8-7FH7
CVSS Score: 8.5
Published: 2026-03-05

A critical vulnerability exists in the AWS SageMaker Python SDK versions prior to 3.4.0, specifically within the JumpStart search_hub() functionality. The vulnerability arises from the use of the Python eval() function to process search query parameters without adequate sanitization or sandboxing. This flaw allows an attacker who can control the input to the search function to execute arbitrary Python code in the context of the application running the SDK. The issue has been addressed in version 3.4.0 by replacing the dynamic evaluation logic with a custom recursive descent parser and Abstract Syntax Tree (AST) implementation.

TL;DR

The AWS SageMaker Python SDK contained a Remote Code Execution (RCE) vulnerability in its JumpStart search feature due to the unsafe use of eval(). Attackers controlling search inputs could break out of the limited sandbox and execute arbitrary commands. Users should upgrade to sagemaker>=3.4.0 immediately.

Technical Details

  • CWE ID: CWE-95
  • Vulnerability Type: Eval Injection
  • CVSS v4.0: 8.5 (High)
  • Attack Vector: Local (Library)
  • Patch Status: Fixed in v3.4.0
  • Exploit Maturity: Proof of Concept (Theoretical)

Affected Systems

  • AWS SageMaker Python SDK
  • Applications integrating SageMaker JumpStart search
  • sagemaker: < 3.4.0 (Fixed in: 3.4.0)

Code Analysis

Commit: e706e57

feat: add custom parser for search filters to replace eval()

@@ -120,7 +120,7 @@
-            return eval(expr, {"__builtins__": {}}, {"keywords": keywords, "any": any})
+            ast_tree = self._parse_expression(self.expression)
+            return ast_tree.evaluate(keywords)
Enter fullscreen mode Exit fullscreen mode

Mitigation Strategies

  • Dependency Upgrade
  • Input Validation
  • Principle of Least Privilege

Remediation Steps:

  1. Identify all environments (development, CI/CD, production) using the sagemaker Python SDK.
  2. Update the sagemaker package to version 3.4.0 or greater using pip: pip install --upgrade "sagemaker>=3.4.0".
  3. Verify the installed version: pip show sagemaker.
  4. Restart any running services or Jupyter kernels to ensure the new library code is loaded.

References

Read the full report for GHSA-5R2P-PJR8-7FH7 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)