Spring4shell in Flask
How Spring4shell Manifests in Flask
Although Spring4shell (CVE-2022-22965) is a vulnerability in the Spring Framework, similar attack patterns can affect Flask applications when developers use unsafe data binding patterns. The core issue involves manipulating request parameters to inject malicious values into object properties, leading to remote code execution (RCE) via expression language evaluation or unsafe setters.
In Flask, this typically occurs when using libraries like marshmallow, wtforms, or custom deserialization logic that blindly sets attributes on objects based on user input without proper validation. For example, if a Flask endpoint uses setattr() on a model or configuration object with user-controlled keys, an attacker might inject dangerous attributes.
# Vulnerable Flask endpoint using unsafe attribute setting
from flask import Flask, request, jsonify
app = Flask(__name__)
class User:
def __init__(self):
self.name = ""
self.active = False
@app.route('/update_user', methods=['POST'])
def update_user():
data = request.get_json()
user = User()
for key, value in data.items():
setattr(user, key, value) # Unsafe: no validation of key
return jsonify({'status': 'updated'})
if __name__ == '__main__':
app.run(debug=True)
An attacker could send a payload like:
{
"__class__": {
"__init__": {
"__globals__": {
"os": {
"system": "id > /tmp/exploit"
}
}
}
}
}
While Flask itself doesn't use Java Expression Language (EL) like Spring, the danger lies in accessing internal Python attributes (__class__, __globals__) that could lead to module import or function execution if the object is later used in an unsafe context (e.g., passed to a template engine with SSTI risk, or used in a deserialization chain). This pattern mirrors Spring4shell’s exploitation vector: abusing property binding to reach dangerous internal state.
Real-world equivalents in Flask include CVE-2020-15664 (Flask-Caching SSTI) and improper use of jinja2.SandboxedEnvironment where attribute access is not properly restricted. middleBrick detects such issues under the "Property Authorization" and "Input Validation" checks by identifying endpoints that reflect user input into object attributes without allowlisting.
Flask-Specific Detection
Detecting Spring4shell-like vulnerabilities in Flask requires analyzing how user input is used to set object attributes, especially in JSON deserialization, form handling, or configuration updates. middleBrick performs black-box scanning by sending payloads that attempt to access dangerous internal attributes (e.g., __class__, __globals__, __subclasses__) and observes whether the application reflects or processes them in a way that could lead to SSTI, RCE, or information disclosure.
The scanner includes specific probes for Python object injection under the "Input Validation" and "Property Authorization" checks. For example, it may send a payload like:
POST /api/user
Content-Type: application/json
{"__class__": {"__init__": {"__globals__": {"os": null}}}}
If the application responds with an error that leaks internal structure (e.g., a 500 error with traceback showing AttributeError on os), or if the response behavior changes based on the payload depth, it may indicate unsafe attribute setting.
Additionally, middleBrick checks for common Flask patterns that increase risk:
- Use of
setattr()orupdate()on objects with user-controlled keys - Blind merging of JSON data into configuration or model objects
- Use of
**kwargsin view functions that pass user input to constructors or setters - Templates that render user-controlled data without proper escaping (SSTI risk)
These checks are performed without agents or configuration — only the public API URL is required. Findings include the exact endpoint, HTTP method, payload used, and severity based on context (e.g., higher if combined with debug mode or SSTI). Remediation guidance focuses on input validation and attribute allowlisting, not on blocking or patching.
Flask-Specific Remediation
Fixing Spring4shell-like vulnerabilities in Flask involves preventing unsafe attribute assignment from user input. The solution is to validate and restrict which attributes can be set, using explicit allowlists or safe deserialization patterns.
Replace unsafe patterns like setattr(obj, key, value) with validation:
# Fixed: Allowlist of safe attributes
SAFE_ATTRIBUTES = {'name', 'email', 'active'}
@app.route('/update_user', methods=['POST'])
def update_user():
data = request.get_json() or {}
user = User()
for key, value in data.items():
if key in SAFE_ATTRIBUTES:
setattr(user, key, value)
# Optionally log or reject unknown keys
return jsonify({'status': 'updated'})
When using libraries like marshmallow, define schemas with explicit fields:
from marshmallow import Schema, fields
class UserSchema(Schema):
name = fields.Str(required=True)
email = fields.Email()
active = fields.Bool()
@app.route('/user', methods=['POST'])
def create_user():
schema = UserSchema()
try:
user_data = schema.load(request.get_json())
except ValidationError as err:
return jsonify(err.messages), 400
# Proceed with validated data
return jsonify({'user': user_data}), 201
For configuration updates, avoid updating app.config directly from user input. Instead, use a dedicated settings model with validation:
# Unsafe: app.config.update(request.get_json()) # NEVER DO THIS
# Safe: Explicitly allow only expected keys
ALLOWED_CONFIG_KEYS = {'ITEMS_PER_PAGE', 'THEME'}
@app.route('/update_config', methods=['POST'])
def update_config():
data = request.get_json() or {}
for key, value in data.items():
if key in ALLOWED_CONFIG_KEYS:
app.config[key] = value
return jsonify({'status': 'config updated'})
Additionally, disable Flask debug mode in production (app.run(debug=False)) to prevent error leakage that could aid exploitation. middleBrick’s reports will flag unsafe attribute setting under "Property Authorization" and provide line-specific guidance in the remediation section of the scan results, helping developers fix the root cause without requiring agents or configuration changes.