{"id":58841,"date":"2022-10-17T09:53:21","date_gmt":"2022-10-17T01:53:21","guid":{"rendered":"https:\/\/version-2.com\/?p=58841"},"modified":"2022-12-02T18:14:40","modified_gmt":"2022-12-02T10:14:40","slug":"exploit-development-and-rce-for-python-package","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2022\/10\/exploit-development-and-rce-for-python-package\/","title":{"rendered":"Exploit Development and RCE for Python Package"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"58841\" class=\"elementor elementor-58841\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_paral
lax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\n<p align=\"center\"><img decoding=\"async\" class=\"head-img\"  src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8ssro4c1gsi0kpl4mfhg157.jpg\" alt=\"\" ><\/p>\n\n<p>As one of the most popular languages, Python has a wide presence in any large-scale development project. As per a survey in 2021, 48.07% chose Python as their favorite programming language. Along with it being a favorite language amongst developers, there is also a thriving community. The <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/pypi.org\/\"><u>Python Package Index (PyPI)<\/u><\/a> is a repository hosting over 10TB of packages that programmers use to build their products.<\/p><p>Once published on PyPI, packages are available for anyone to install. This makes it critical for developers to ensure their packages are secure because if a package is vulnerable, every application that integrates it becomes vulnerable. 
In this blog, I will illustrate the risk of a vulnerable package called \u201cyacmmal\u201d, walk through the process of exploit development, develop a zero-day exploit for the package, and provide a solution for mitigating the risk.<\/p><h3><strong><u>What is yacmmal?<\/u><\/strong><\/h3><p><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/github.com\/juselara1\/yacmmal\"><u>Yet Another Config Manager for Machine Learning (yacmmal)<\/u><\/a> automatically loads configuration files for machine learning projects (and removes the hassle). It is built on top of pydantic and automatically creates dataclasses from various file formats such as YAML, JSON and CSV.<\/p><h3><strong><u>Installation<\/u><\/strong><\/h3><p>As we are targeting the latest version of yacmmal, we install the latest package from PyPI with pip:<\/p><p><code>pip install yacmmal<\/code><\/p><h3><strong><u>Vulnerability<\/u><\/strong><\/h3><p>Now, to find the vulnerability, we analyze the publicly available source code in the project's repository: 
<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/github.com\/juselara1\/yacmmal\"><u>https:\/\/github.com\/juselara1\/yacmmal<\/u><\/a><\/p><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/6Y-Ijb8NquBsvkXOOJiiVUOSbP7U8V5xt-pz4C8vefDU-JEDHOAogMiBVJh8KSauGwS8OnrfnpKRhrgjd9PSwlJVi3m6Qh_bfnmljO6VUGSxSh8rMUSAzIubp4vdiem9D1HTO7yz0icVMI5m-rr7uzyrJogBYfaWHmmiGNRZgqWx-1xN--Hcp6iNbQ\"><p><em><u>Figure 1: yacmmal GitHub repository<\/u><\/em><br><\/p><p>The yacmmal folder contains the main logic.<br><\/p><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/zd2nFJUaIeckEtRNkmD03vfetWDHwHuN5vyo6jae0wOohmG4c-NCMMUpQlzGXwI69P8PbIC0wkJIJqCgjhu1pcVdqS_dhc-2SE0FleVlKLAntGNWrCVnj78bpwUXgAd7XlPOU5OFVP__SfhrWu1rPpY9-NYybil0MsQQflpogR8MO9hXsQGWfbkpVw\"><p><em><u>Figure 2: Inside the yacmmal folder<\/u><\/em><\/p><p>The load folder contains the logic for loading the various file types. Here, <code>yaml.py<\/code> looks interesting, as it is very common for Python developers to configure serialization and deserialization of YAML files incorrectly.<\/p><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/p2KTY7k6VzJMU_PqQhrRPjmZfqrmjgAmXEbuR7ODDZ3Q-RvaaWuI48V1zJfk1pPH4fXJt0n_mV6ItEOpOlXqZX6Q_GZEyOfQLmwKnZ_EbnlL4k7JQ5LArHoz34afSH2VlTARUYGP0fQKvjYIkYzqwltrpI5e6qGxS-Zg4r0dUVQVXwubu1xMwohPnA\"><p><em><u>Figure 3: Inside the load folder<\/u><\/em><\/p><p>Looking at the file, we can see that it imports yaml and defines a class <strong>YAMLLoader<\/strong>, a loader for YAML files, with a base path to the YAML file that needs to be loaded.<\/p><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/irLoeDH9Y4j4gLh-ujUQgfn92mpnkZUNJtgdLpqMUKnueuyamx48Zd-6B2JItJV7GGBRTYxRP1OHvZudMUNEVgyt7oxw745qWTGzafjpE0q2B0CNUE1lkZXqu2WiiOlY6iix6qLphWEYKLWywQ69mD8gKf_j_K0SLy6NyADKCUuQoNvvegqdTISN7A\"><p><em><u>Figure 4: yaml.py code<\/u><\/em><\/p><p>The YAMLLoader class defines two methods: <code>__init__<\/code> and <code>load<\/code>.<\/p><p>The load method takes as arguments the path to the YAML file and the dataclass to use, and returns the loaded model.<\/p><p>Taking a closer look, we can see that the load method parses the YAML file with yaml.load using the full yaml.Loader rather than the SafeLoader. It is therefore vulnerable to a YAML deserialization attack, which can give an attacker remote command execution.<\/p><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/RpFcw3a-kgXiro8kGAh0Hf6fGibmGSipU_I3QWyUENp-WnePjK4TZCKw_Lrm4wPt07CNr5qxqg0IHMn61BE7n3O8YBW3D0GPXr8t2i-EYjAHvly-TgRP9wf_8G6uhdOhQAxgG0QMUlsWutrv2lCGrxFgM3MwiXIlT5Zqv2yMIFJWpWBu6IIpmd4vzg\"><h3><strong><u>Implementation<\/u><\/strong><\/h3><p>To analyze the vulnerability, we will exploit a program that uses the yacmmal package.<\/p><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/SZbNh5J1m4emoStzVyddoA8yoDM35-5_gHQbsuJ0Zbc9eQFsdnm7GI5a_zjRU2UPqvhnfXMS26XgPof91qS6ryf4Nt_CAtxXLdyjp_J8lDwn2ObLU08Qpj9hVvUEcA9zNuK1NSeHEnlpBJT8MFt3bqJbIp7a7TB5ounnUPKp9ynw3J8gaXX2ScehRA\"><p>This example program can be found in the example directory of the yacmmal GitHub repository. 
<\/p><p>Our example program reads two configuration files, hp_file and ep_file, from the config directory and loads them to build a model.<\/p><h3><strong><u>Vulnerability Test<\/u><\/strong><\/h3><p>First, we need to create a basic YAML exploit to check whether the vulnerability exists.<\/p><p>According to the PyYAML documentation, the yaml.dump function accepts a Python object and produces a YAML document.<\/p><p>So, opening the Python interpreter, we import the yaml package and test it.<\/p><p>We pass a string (AAAA) to the yaml.dump function, which generates a YAML document, and print the result.<\/p><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/DsF-3VLmaBZ-Twqq6NOwsEEduSQeTaI8YxsUSwrBhBNCC5Qo6Jq0YIs20Ggjd5-ym2kWrWsXSPPk5NAx2ZMB-SiAVOQMg9Jhb-O_QdKLTpHmIvfZKEBYGCArd4W4z8t0khdWjCEoIHyort0kXjFQYU28PS6y2I0iEGi6zj6e-lsSLaLZDgx7DS9ztA\"><p>In the same way, we can pass a function to dump. Here, \u201c!!python\/object\/apply:builtins.range\u201d is the tag of the serialized object and 1, 4, 1 are the arguments passed to the function.<\/p><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/tgwrskX0tr78EpAgSyyzABWgv1SWhEqcQ7uTG-GxFtmoHo7q1r86U5anqoHcGxp274OH56gyxX8Vfutt05XroXLjNZRZ31pHDjdj8uFb3SsiiYY9dlEsperMMWFuLkEg49fHcQ_-ZXMktz1TUuzHvgfNvgGurPjl6FdloCF3oj7rSPjml1uN6U0A3Q\"><p>In the same way, we can change the serialized object to call time.sleep instead of range. The second line then takes 4 seconds to finish executing. 
We will use the time.sleep payload to test whether our yacmmal application is vulnerable.<\/p><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/TT8KmvvSkLkzb908EDqwYmRxnnHfWBTZhLLeiby_kOXLlK0dHbqpE0bS62RS73gRh6-a46-v7rkBGGLDHK-waRi99f4WR6TgMgRYnT5knO622g0TWl2m3t1gOZITiwXW2GOwv44-ANImur2x0e_3BKdRWcBDgbX6lRU4wmyFPdTrS9VBfkF6QQYN4g\"><p>As our application reads its hp_file.yaml configuration from the config directory, we modify hp_file.yaml to contain our basic exploit.<\/p><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/tcHrIUcO5YH5aVzUhObKhwEf3ProXfm9I97gYzWEKA7FUnd6OVwExkocgPpw_A5uhoXWRyHRx6oDmusIHQ7Gf-KaIZlNsLNDRSvT10dAWC6Do_o5wq9CLRryPhQ_zQz9OV_aefTUOpUak_Kn8SNQXyZRaF1HNsyplx_8DGlerjO7JnGyrDzmio66aA\"><p>As we can see, the program takes 4 seconds before throwing an error, which means our basic exploit was successful; now we can modify it to obtain command execution.<\/p><h3><strong><u>Command Execution<\/u><\/strong><\/h3><p>Starting from our basic exploit (<code>!!python\/object\/apply:time.sleep [4]<\/code>), we replace the time.sleep function with os.system and pass our command as the argument.<\/p><p>Our final exploit is therefore:<\/p><p><code>!!python\/object\/apply:os.system [\u201cid;whoami\u201d]<\/code><\/p><p>Running the exploit, we can see that we get command execution.<\/p><h3><strong><u>Solution<\/u><\/strong><\/h3><p>As this exploit was not previously known and no patch is available for yacmmal, use of the package should be avoided until a patch is published. 
If the package must be used, the following change should be made:<\/p><p>In the file <code>yacmmal\/load\/yaml.py<\/code>, replace <strong>line 37<\/strong>:<\/p><p><code>data = yaml.load(f, Loader=yaml.Loader)<\/code><\/p><p>with:<\/p><p><code>data = yaml.load(f, Loader=yaml.SafeLoader)<\/code><\/p><p>SafeLoader only constructs plain YAML types (scalars, sequences and mappings) and rejects <code>!!python\/object\/apply<\/code> tags, so a configuration file carrying the payload above fails to parse instead of executing code.<\/p><p>#NCSAM #exploit #yacmmal #research #zeroday #vicarius_blog<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" 
data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"39690\" class=\"elementor elementor-39690\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" 
data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p><b>About VRX<\/b><br><b>VRX&nbsp;<\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>As one of the most popular languages, Python has a wide [&hellip;]<\/p>","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-58841","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Exploit Development and RCE for Python Package - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exploit Development and RCE for Python Package - Version 2\" \/>\n<meta 
property=\"og:description\" content=\"As one of the most popular languages, Python has a wide [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-17T01:53:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-02T10:14:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8ssro4c1gsi0kpl4mfhg157.jpg\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-python-package#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/exploit-development-and-rce-for-python-package\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Exploit Development and RCE for Python 
Package\",\"datePublished\":\"2022-10-17T01:53:21+00:00\",\"dateModified\":\"2022-12-02T10:14:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/exploit-development-and-rce-for-python-package\\\/\"},\"wordCount\":779,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-python-package#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl8ssro4c1gsi0kpl4mfhg157.jpg\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/exploit-development-and-rce-for-python-package\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-python-package\",\"name\":\"Exploit Development and RCE for Python Package - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-python-package#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-python-package#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl8ssro4c1gsi0kpl4mfhg157.jpg\",\"datePublished\":\"2022-10-17T01:53:21+00:00\",\"dateModified\":\"2022-12-02T10:14:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-python-package#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-python-package\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-pytho
n-package#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl8ssro4c1gsi0kpl4mfhg157.jpg\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl8ssro4c1gsi0kpl4mfhg157.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/exploit-development-and-rce-for-python-package#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Exploit Development and RCE for Python Package\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 
2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Exploit Development and RCE for Python Package - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package","og_locale":"en_US","og_type":"article","og_title":"Exploit Development and RCE for Python Package - Version 2","og_description":"As one of the most popular languages, Python has a wide [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package","og_site_name":"Version 2","article_published_time":"2022-10-17T01:53:21+00:00","article_modified_time":"2022-12-02T10:14:40+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8ssro4c1gsi0kpl4mfhg157.jpg","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"Written by":"version2hk","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/10\/exploit-development-and-rce-for-python-package\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Exploit Development and RCE for Python Package","datePublished":"2022-10-17T01:53:21+00:00","dateModified":"2022-12-02T10:14:40+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/10\/exploit-development-and-rce-for-python-package\/"},"wordCount":779,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8ssro4c1gsi0kpl4mfhg157.jpg","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/10\/exploit-development-and-rce-for-python-package\/","url":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package","name":"Exploit Development and RCE for Python Package - Version 
2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8ssro4c1gsi0kpl4mfhg157.jpg","datePublished":"2022-10-17T01:53:21+00:00","dateModified":"2022-12-02T10:14:40+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8ssro4c1gsi0kpl4mfhg157.jpg","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8ssro4c1gsi0kpl4mfhg157.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/exploit-development-and-rce-for-python-package#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"Exploit Development and RCE for Python Package"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 
2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/en\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fj3","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/58841","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-j
son\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=58841"}],"version-history":[{"count":4,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/58841\/revisions"}],"predecessor-version":[{"id":58851,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/58841\/revisions\/58851"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=58841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=58841"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=58841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}