Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remote OS Command Injection Vulnerability in GPT-SoVITS Audio Slicer Component #1768

Open
superboy-zjc opened this issue Nov 11, 2024 · 0 comments
Open

Remote OS Command Injection Vulnerability in GPT-SoVITS Audio Slicer Component #1768

superboy-zjc opened this issue Nov 11, 2024 · 0 comments

Comments

@superboy-zjc
Copy link

Summary

The web backend server for GPT-SoVITS lacks proper user input sanitization in the Audio Slicer component, which leads to remote OS command injection vulnerability. This flaw allows attackers to execute arbitrary commands, compromising the system and causing critical security risks.

Due to this vulnerability and the web server's default public exposure, the GPT-SoVITS server is unsuitable for deployment in public production environments until the vulnerability is patched.

Affected Versions

  • Relased version < 20240821v2

  • As for today (2024.12.10), all versions of repo code

Details

The vulnerability originates from the open_slice function in the audio slicer component, in which a shell command is constructed using several user-controllable variables.

#https://github.com/RVC-Boss/GPT-SoVITS/blob/a70e1ad30c072cdbcfb716962abdc8008fa41cc2/webui.py#L405-L430
def open_slice(inp,opt_root,threshold,min_length,min_interval,hop_size,max_sil_kept,_max,alpha,n_parts):
		...
    cmd = '"%s" tools/slice_audio.py "%s" "%s" %s %s %s %s %s %s %s %s %s''' % (python_exec,inp, opt_root, threshold, min_length, min_interval, hop_size, max_sil_kept, _max, alpha, i_part, n_parts)
    print(cmd)
    p = Popen(cmd, shell=True)
    ...

image-20241110145720094

An attacker can exploit this command injection vulnerability by crafting malicious inputs. These inputs can be provided via the HTML forms or modified in the HTTP request, as highlighted in the screenshot below:image-20241110145828627

PoC (Proof of Concept)

An attacker can easily achieve remote command execution (RCE) by inserting a malicous payload into any of the parameters in a audio slice operation.

  1. Install and Deploy the GPT-SoVITS following the instruction with WebUI enabled
  2. Run the exploitation script: https://gist.github.com/superboy-zjc/cd04178660fd140f8ac250cfd6d5fb40

Replacing cmd value with your desired to trigger an RCE attack:

python SoVITS-audio-slicer-exp.py -u http://proof-of-concept:9874/ -cmd "ping XXX"

image-20241110153126791

Patch

To fix the vulnerability:

Avoid using shell=True in Popen.

  • Instead, pass the command and its arguments as a list. This prevents user inputs from being executed as part of a shell command.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@superboy-zjc