Add testbed for CVE-2025-0655 #131
Hey @frkngksl Thanks for your contribution! I'm having a problem with the services setup. This is what I'm getting when launching the vulnerable service:
user@machine:~/just-hms/131/security-testbeds/dtale/CVE-2025-0655$ docker build -t dtale:vuln -f Vulnerable.Dockerfile .
[+] Building 74.7s (7/7) FINISHED docker:default
=> [internal] load build definition from Vulnerable.Dockerfile 0.0s
=> => transferring dockerfile: 142B 0.0s
=> [internal] load metadata for docker.io/library/python:3.9.10-slim 0.1s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> CACHED [1/3] FROM docker.io/library/python:3.9.10-slim@sha256:f43f874bc50ba29cb1d9ea052c2e2db4e55df2c5a1b7d2a77e57f33a7536b752 0.0s
=> [2/3] RUN apt update && apt install curl -y 4.3s
=> [3/3] RUN pip install dtale==3.15.1 60.5s
=> exporting to image 9.6s
=> => exporting layers 9.6s
=> => writing image sha256:3e1f675fb5db775027ddc9441636d72f8c8b5d49b11dd14652bf55d57f3f7355 0.0s
=> => naming to docker.io/library/dtale:vuln
user@machine:~/just-hms/131/security-testbeds/dtale/CVE-2025-0655$ docker run --name dtaleVuln --network host -it dtale:vuln dtale --host localhost
Traceback (most recent call last):
File "/usr/local/bin/dtale", line 5, in <module>
from dtale.cli.script import main
File "/usr/local/lib/python3.9/site-packages/dtale/__init__.py", line 29, in <module>
from dtale.app import show, get_instance, instances, offline_chart # isort:skip
File "/usr/local/lib/python3.9/site-packages/dtale/app.py", line 40, in <module>
from dtale.dash_application import views as dash_views
File "/usr/local/lib/python3.9/site-packages/dtale/dash_application/views.py", line 10, in <module>
import dtale.dash_application.drilldown_modal as drilldown_modal
File "/usr/local/lib/python3.9/site-packages/dtale/dash_application/drilldown_modal.py", line 8, in <module>
from dtale.dash_application.charts import (
File "/usr/local/lib/python3.9/site-packages/dtale/dash_application/charts.py", line 46, in <module>
from dtale.dash_application.layout.layout import (
File "/usr/local/lib/python3.9/site-packages/dtale/dash_application/layout/layout.py", line 4, in <module>
import dash_colorscales as dcs
File "/usr/local/lib/python3.9/site-packages/dash_colorscales/__init__.py", line 8, in <module>
_components = _dash.development.component_loader.load_components(
AttributeError: module 'dash.development' has no attribute 'component_loader'
I don't know if I'm missing something here; if not, could you take a look and update the setup to fix this?
Hello @alessandro-Doyensec, I will check the error, but is it possible to execute the following commands?
sudo docker rmi -f $(sudo docker images -aq)
The most suspected thing for me is the conflicting docker images. Sometimes docker might use already existing and modified images on your computer. I will continue trying to reproduce the issue and find a solution, but if you can try these two and rebuild again, I would be happy.
Thanks, I got the same output after running those commands. In the future, if you want to avoid potential caching issues, I think you can just add the
Hi @alessandro-Doyensec, I found the issue, I guess: I will add the downgrading comments asap, but I don't have my computer with me. If you don't want to wait for the fix, you may want to try this beforehand (for the reviewing process).
Hi @alessandro-Doyensec, I guess I fixed the issue. Could you try it?
Hello
This is a testbed for CVE-2025-0655
Issue is: google/tsunami-security-scanner-plugins#610