You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note: This issue documents a vulnerability that was originally reported privately as the repository security advisory GHSA-6f59-hmhr-hgf3 by @pbeza.
Root Cause
The libnvidia-container build recipe sets export CURL="curl --insecure" and enables network access during compilation via do_compile[network] = "1". This combination means that dependencies fetched during the build process have no TLS certificate verification, making the build vulnerable to man-in-the-middle attacks.
Attacker performs a MitM attack on the network between the build machine and upstream servers
Build process fetches dependencies using curl --insecure — no TLS verification
Attacker substitutes malicious code for legitimate dependencies
Malicious code is compiled into the libnvidia-container binary
The binary is included in all NVIDIA-enabled dstack guest images
Every CVM using GPU support runs the backdoored binary
Impact
Supply-chain attack: malicious code injected during the build process is included in all NVIDIA-enabled dstack images. The backdoored binary runs inside CVMs with access to all secrets and key material. This is a one-time compromise that affects all deployments using the resulting image.
Pin and verify checksums for all downloaded dependencies
Ideally, pre-fetch all dependencies during do_fetch (which supports checksums) rather than downloading during do_compile
If network access during compilation is unavoidable, use a local mirror with verified content
Note: This finding was reported automatically as part of an AI/Claude-driven internal audit by the NEAR One MPC team. It has not been manually verified by a human to confirm whether it constitutes an actual security issue.
Root Cause
The libnvidia-container build recipe sets
export CURL="curl --insecure"and enables network access during compilation viado_compile[network] = "1". This combination means that dependencies fetched during the build process have no TLS certificate verification, making the build vulnerable to man-in-the-middle attacks.Attack Path
curl --insecure— no TLS verificationImpact
Supply-chain attack: malicious code injected during the build process is included in all NVIDIA-enabled dstack images. The backdoored binary runs inside CVMs with access to all secrets and key material. This is a one-time compromise that affects all deployments using the resulting image.
Suggested Fix
--insecureflag:export CURL = "curl"(or remove the override entirely)do_fetch(which supports checksums) rather than downloading duringdo_compile