GHSA-2679-6mx9-h9xc
Authentication Bypass vulnerability in marimo (PyPI)
What is GHSA-2679-6mx9-h9xc About?
Marimo has a Pre-Auth Remote Code Execution (RCE) vulnerability in its terminal WebSocket endpoint, `/terminal/ws`, due to a lack of authentication validation. This allows an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. This presents a critical security risk and is trivially exploitable.
Affected Software
Technical Details
The vulnerability lies in the `/terminal/ws` WebSocket endpoint handler in `marimo/_server/api/endpoints/terminal.py`. Unlike other WebSocket endpoints, this specific endpoint fails to call `validator.validate_auth()` or use a `@requires()` decorator to enforce authentication. Although Marimo uses Starlette's `AuthenticationMiddleware`, this middleware only marks unauthenticated connections as `UnauthenticatedUser` but does not proactively reject WebSocket connections at the middleware level. As a result, the `/terminal/ws` endpoint proceeds to `websocket.accept()` directly, followed by `pty.fork()`, even for unauthenticated requests. This grants an unauthenticated remote attacker a full interactive PTY shell, allowing arbitrary command execution on the host machine. The commands typically run as root in default Docker deployments.
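To make the root cause concrete, the following is an added example written for this page, not marimo's own code: a minimal ASGI WebSocket handler in the unguarded shape the advisory describes (accept first, never consult the authenticated principal) next to a guarded version that closes the connection before `accept` unless the user object the middleware placed in `scope["user"]` is authenticated. It uses only the standard library; the `User` class is a constructed stand-in for Starlette's user object, the handlers echo a frame instead of forking a PTY, and `_drive` is a tiny in-process driver that replaces a real ASGI server.

```python
"""Added example (not marimo's code): enforcing authentication on an ASGI
WebSocket endpoint before the handshake is accepted, contrasted with the
unguarded pattern described in the advisory. Standard library only."""
import asyncio
from dataclasses import dataclass

WS_POLICY_VIOLATION = 1008  # RFC 6455 close code for a connection the server refuses


@dataclass
class User:
    """Constructed stand-in for the object AuthenticationMiddleware stores in scope['user']."""
    name: str
    is_authenticated: bool


async def _echo_session(receive, send):
    """Placeholder for the privileged work the real endpoint does after accept (PTY fork).
    Here it just echoes one text frame and closes normally."""
    msg = await receive()
    await send({"type": "websocket.send", "text": "echo: " + msg.get("text", "")})
    await send({"type": "websocket.close", "code": 1000})


async def unguarded_terminal_ws(scope, receive, send):
    """Vulnerable pattern: accept immediately; scope['user'] is never checked,
    so an UnauthenticatedUser marked by the middleware still gets the session."""
    await receive()  # the initial 'websocket.connect' event
    await send({"type": "websocket.accept"})
    await _echo_session(receive, send)


async def guarded_terminal_ws(scope, receive, send):
    """Fixed pattern: reject before accept unless the middleware-set user is authenticated.
    This is the check the advisory says the endpoint lacked (validate_auth / @requires)."""
    await receive()  # the initial 'websocket.connect' event
    user = scope.get("user")
    if user is None or not user.is_authenticated:
        # Closing without accepting fails the handshake for the client; no session is ever created.
        await send({"type": "websocket.close", "code": WS_POLICY_VIOLATION})
        return
    await send({"type": "websocket.accept"})
    await _echo_session(receive, send)


async def _drive(app, user):
    """In-process ASGI driver: feeds 'connect' plus one frame, collects what the app sends."""
    scope = {"type": "websocket", "path": "/terminal/ws", "user": user}
    inbox = [{"type": "websocket.connect"}, {"type": "websocket.receive", "text": "hello"}]
    sent = []

    async def receive():
        return inbox.pop(0) if inbox else {"type": "websocket.disconnect"}

    async def send(message):
        sent.append(message)

    await app(scope, receive, send)
    return sent


def outcome(app, user):
    """Return 'accepted' or 'rejected:<close code>' for a handler and a caller identity."""
    first = asyncio.run(_drive(app, user))[0]
    if first["type"] == "websocket.accept":
        return "accepted"
    return f"rejected:{first['code']}"


if __name__ == "__main__":
    anon = User("anonymous", False)
    print("unguarded, anonymous:", outcome(unguarded_terminal_ws, anon))
    print("guarded, anonymous:  ", outcome(guarded_terminal_ws, anon))
    print("guarded, alice:      ", outcome(guarded_terminal_ws, User("alice", True)))
```

The design point is the ordering: the authentication decision has to happen before `websocket.accept`, because once the handshake completes the privileged resource (a PTY in the real endpoint) already exists. Marking the principal as unauthenticated in middleware is not a rejection; each WebSocket handler still has to act on it.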
What is the Impact of GHSA-2679-6mx9-h9xc?
Successful exploitation may allow attackers to execute arbitrary system commands with root privileges, leading to complete system compromise, unauthorized data access, modification, and denial of service.
What is the Exploitability of GHSA-2679-6mx9-h9xc?
Exploitation is of very low complexity. An unauthenticated attacker can obtain a full interactive root shell on the server using a single WebSocket connection to the `/terminal/ws` endpoint. No authentication tokens, user interaction, or specific privileges are required. The attack is entirely remote, performed by simply connecting to the vulnerable WebSocket endpoint. There are no special conditions or constraints other than the Marimo instance running and exposing the `/terminal/ws` endpoint, which it does by default. The high impact and extremely low complexity make this a critical and highly exploitable vulnerability, particularly in default Docker container deployments where commands execute as the root user.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for GHSA-2679-6mx9-h9xc?
Available Upgrade Options
- marimo
- <0.23.0 → Upgrade to 0.23.0
What are Similar Vulnerabilities to GHSA-2679-6mx9-h9xc?
Similar Vulnerabilities: CVE-2023-49103, CVE-2023-46805, CVE-2023-46806, CVE-2023-43644, CVE-2023-38035
