
Remote OS Command Injection Vulnerability in GPT-SoVITS Voice Denoiser Component #1770

Open
superboy-zjc opened this issue Nov 11, 2024 · 0 comments

Comments

@superboy-zjc

Summary

The web backend server for GPT-SoVITS lacks proper user input sanitization in the voice denoiser component, which leads to a remote OS command injection vulnerability. This flaw allows attackers to execute arbitrary commands, compromising the system and causing critical security risks.

Due to this vulnerability and the web server's default public exposure, the GPT-SoVITS server is unsuitable for deployment in public production environments until the vulnerability is patched.

Affected Versions

  • Released version < 20240821v2

  • As of today (2024.12.10), all versions of the repo code

Details

The vulnerability originates from the open_denoise function in the voice denoiser, in which a shell command is constructed using the denoise_inp_dir and denoise_opt_dir variables populated from user input.

#https://github.com/RVC-Boss/GPT-SoVITS/blob/a70e1ad30c072cdbcfb716962abdc8008fa41cc2/webui.py#L281-L297
def open_denoise(denoise_inp_dir, denoise_opt_dir):
    ...
    check_for_existance([denoise_inp_dir])
    # denoise_inp_dir and denoise_opt_dir come straight from the web form fields
    cmd = '"%s" tools/cmd-denoise.py -i "%s" -o "%s" -p %s'%(python_exec,denoise_inp_dir,denoise_opt_dir,"float16"if is_half==True else "float32")
    print(cmd)
    # shell=True hands the interpolated string to the system shell: the injection sink
    p_denoise = Popen(cmd, shell=True)
    ...

The tool can be reached in the web UI.

[screenshot: image-20241110164958752]

An attacker can exploit this command injection vulnerability by crafting malicious inputs. These inputs can be provided via the HTML forms or modified in the HTTP request, as highlighted in the screenshot below:

[screenshot: image-20241110165101180]

PoC (Proof of Concept)

An attacker can easily achieve remote command execution (RCE) by inserting a malicious payload into either of the denoising audio file paths in a voice denoiser operation.

  1. Install and Deploy the GPT-SoVITS following the official instructions with WebUI enabled
  2. Run the exploitation script: https://gist.github.com/superboy-zjc/63f9a049270eec46654569d5b8526485

Replace the cmd value with your desired command to trigger the RCE attack:

python SoVITS-voice-denoiser-exp.py -u http://proof-of-concept:9874 -cmd "ping XXX -c 5"

[screenshot: image-20241110171342723]

Patch

To fix the vulnerability:

Avoid using shell=True in Popen.

  • Instead, pass the command and its arguments as a list. This prevents user inputs from being executed as part of a shell command.
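The following is an added example (not code from the issue author or from the GPT-SoVITS project) showing the original string-built command next to the list-based form the patch section recommends, and checking what the child process actually receives. It assumes a hypothetical stub in place of tools/cmd-denoise.py that only echoes its arguments, so it runs offline; is_under_root is a hypothetical defence-in-depth path check, not something the project enforces.

```python
import json
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed stand-in for tools/cmd-denoise.py: it only echoes the argv it
# received, so the example runs offline without the real denoiser.
STUB_SCRIPT = "import json, sys; print(json.dumps(sys.argv[1:]))"


def build_denoise_cmd_vulnerable(python_exec, denoise_inp_dir, denoise_opt_dir, is_half):
    """The shape of the original command string, for comparison only.

    Handed to Popen(..., shell=True), a path value that closes the double
    quote is parsed by the shell as further statements, not as a path.
    """
    precision = "float16" if is_half else "float32"
    return '"%s" tools/cmd-denoise.py -i "%s" -o "%s" -p %s' % (
        python_exec, denoise_inp_dir, denoise_opt_dir, precision)


def build_denoise_cmd(python_exec, script, denoise_inp_dir, denoise_opt_dir, is_half):
    """Hardened form: an argv list. Each user value is exactly one argument
    and no shell parses it, so quotes, ';', '|' or '$(...)' are inert bytes."""
    precision = "float16" if is_half else "float32"
    return [python_exec, script, "-i", denoise_inp_dir, "-o", denoise_opt_dir, "-p", precision]


def is_under_root(user_path, allowed_root):
    """Hypothetical defence in depth: confine user-supplied paths to one
    upload directory. Absolute paths and '..' escapes resolve outside it."""
    root = Path(allowed_root).resolve()
    candidate = (root / user_path).resolve()
    return candidate == root or root in candidate.parents


def run_denoise_argv(denoise_inp_dir, denoise_opt_dir, is_half=True):
    """Run the hardened command against the stub and return the argv the
    child saw, so the effect of the list form can be checked directly."""
    with tempfile.TemporaryDirectory() as tmp:
        stub = Path(tmp) / "cmd-denoise.py"
        stub.write_text(STUB_SCRIPT)
        argv = build_denoise_cmd(sys.executable, str(stub), denoise_inp_dir, denoise_opt_dir, is_half)
        # No shell=True: subprocess execs the interpreter with this argv directly.
        proc = subprocess.run(argv, capture_output=True, text=True, check=True)
        return json.loads(proc.stdout)


if __name__ == "__main__":
    payload = 'in"; echo INJECTED; echo "x'  # constructed, harmless test input
    print("string form (dangerous with shell=True):")
    print("  " + build_denoise_cmd_vulnerable(sys.executable, payload, "out", True))
    print("argv seen by the child with the list form:")
    print("  " + repr(run_denoise_argv(payload, "out")))
```

With the list form the whole payload arrives in the child as the single value of -i, and the denoiser simply fails to find a file by that name; with the string form the same bytes would be interpreted by the shell. Confining paths to an upload root is a second, independent control: the list form stops shell interpretation, the root check stops the tool from being pointed at arbitrary files.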