CVE-2021-43811

HIGH

Sockeye < 2.3.24 - Remote Code Execution via Unsafe YAML Loading

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43811. PoCs published by s-index.

AI-analyzed exploit summary This PoC demonstrates a YAML deserialization vulnerability in Sockeye (CVE-2021-43811), where unsafe YAML loading allows arbitrary code execution via a malicious config file. The exploit uses Python's YAML parser to trigger command execution (e.g., `cat /etc/passwd`).

Description

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24.

Exploits (1)

nomisec WORKING POC 2 stars

by s-index · poc

https://github.com/s-index/CVE-2021-43811

View Code ZIP pw:eip

This PoC demonstrates a YAML deserialization vulnerability in Sockeye (CVE-2021-43811), where unsafe YAML loading allows arbitrary code execution via a malicious config file. The exploit uses Python's YAML parser to trigger command execution (e.g., `cat /etc/passwd`).

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: awslabs/sockeye < 2.3.24

No auth needed

Prerequisites: Victim must load a malicious YAML config file into Sockeye

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_confirm

https://github.com/awslabs/sockeye/security/advisories/GHSA-ggmr-44cv-24pm

Patch, Third Party Advisory x_refsource_misc

https://github.com/awslabs/sockeye/pull/964

Release Notes, Third Party Advisory x_refsource_misc

https://github.com/awslabs/sockeye/releases/tag/2.3.24

Scores

CVSS v3 7.8

EPSS 0.0872

EPSS Percentile 92.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (2)

amazon/sockeye < 2.3.24

pypi/sockeye 0 - 2.3.24PyPI

Published Dec 08, 2021

Tracked Since Feb 18, 2026