Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remote OS Command Injection Vulnerability in GPT-SoVITS Speech to Text Proofreading Tool #1769

Open
superboy-zjc opened this issue Nov 11, 2024 · 0 comments
Open

Remote OS Command Injection Vulnerability in GPT-SoVITS Speech to Text Proofreading Tool #1769

superboy-zjc opened this issue Nov 11, 2024 · 0 comments

Comments

@superboy-zjc
Copy link

Summary

The web backend server for GPT-SoVITS lacks proper user input sanitization in the speech to text proofreading tool, which leads to remote OS command injection vulnerability. This flaw allows attackers to execute arbitrary commands, compromising the system and causing critical security risks.

Due to this vulnerability and the web server's default public exposure, the GPT-SoVITS server is unsuitable for deployment in public production environments until the vulnerability is patched.

Affected Versions

  • Relased version < 20240821v2

  • As for today (2024.12.10), all versions of repo code

Details

The vulnerability originates from the change_label function in the speech to text proofreading tool, in which a shell command is constructed using path_list variable provisioned from the user input.

#https://github.com/RVC-Boss/GPT-SoVITS/blob/a70e1ad30c072cdbcfb716962abdc8008fa41cc2/webui.py#L200-L212
def change_label(path_list):
  	...
    cmd = '"%s" tools/subfix_webui.py --load_list "%s" --webui_port %s --is_share %s'%(python_exec,path_list,webui_port_subfix,is_share)
    yield i18n("打标工具WebUI已开启"), {'__type__':'update','visible':False}, {'__type__':'update','visible':True}
    print(cmd)
    p_label = Popen(cmd, shell=True)
    ...

The tool can be reached in the web UI.

image-20241110160627510

An attacker can exploit this command injection vulnerability by crafting malicious inputs. These inputs can be provided via the HTML forms or modified in the HTTP request, as highlighted in the screenshot below:

image-20241110160835176

PoC (Proof of Concept)

An attacker can easily achieve remote command execution (RCE) by inserting a malicous payload into the .list annotation file path in a speech to text proofreading operation.

  1. Install and Deploy the GPT-SoVITS following the official instructions with WebUI enabled
  2. Run the exploitation script: https://gist.github.com/superboy-zjc/1daf3ae7ba40d09b6cdf62df15be7972

Replacing cmd value with your desired to trigger an RCE attack:

python SoVITS-speech-to-text-exp.py -u http://proof-of-concept:9874/ -cmd "ping XXX"

image-20241110163535788

Patch

To fix the vulnerability:

Avoid using shell=True in Popen.

  • Instead, pass the command and its arguments as a list. This prevents user inputs from being executed as part of a shell command.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@superboy-zjc