Computer Vision Annotation Tool
cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*
- >= 1.1.0, <= 2.25.0
A remote code execution vulnerability has been identified in the Computer Vision Annotation Tool (CVAT) versions 1.1.0 prior to 2.25.0. This issue arises in CVAT deployments running serverless functions of type 'tracker' from the CVAT Git repository, specifically the TransT and SiamMask functions. Additionally, deployments using custom 'tracker' functions may be vulnerable, depending on how they manage state serialization. Functions that utilize unsafe serialization libraries like 'pickle' or 'jsonpickle' are likely to be affected. The vulnerability allows an attacker with an account on the CVAT instance to execute arbitrary code within the Nuclio function container.
Exploitation of this vulnerability allows for arbitrary code execution in the context of the affected Nuclio function container.
To reproduce this vulnerability, deploy a CVAT instance with a version between 1.1.0 and 2.25.0. Enable the TransT or SiamMask Nuclio tracker functions, or deploy a custom tracker function that uses an unsafe serialization library such as 'pickle' or 'jsonpickle'. Once the function is invoked with maliciously crafted state data, the arbitrary code will be executed in the function's container.
Users are advised to upgrade CVAT to version 2.26.0 or later. After updating, it is not necessary to change or redeploy the Nuclio functions. If an upgrade is not possible, any instances of the TransT or SiamMask functions should be shut down. For custom tracker functions, ensure that the state restoration process is secure against untrusted inputs.
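As an added illustration of the last point (this is not CVAT's or the affected functions' own code), the weak state-restoration pattern the advisory describes is shown beside a hardened one; the state layout (a bounding box plus a frame index) and all function names are assumptions made for the example.

```python
import json
import pickle  # present only to show the pattern being replaced

# Assumed tracker state: bounding box of the tracked object and the
# frame it was last seen in. Any real tracker would have its own fields.
STATE_KEYS = {"bbox", "frame"}


def restore_state_unsafe(blob: bytes) -> dict:
    """Vulnerable pattern: pickle.loads reconstructs whatever the blob was
    built with, so client-controlled state can run code in the container."""
    return pickle.loads(blob)


def restore_state_safe(blob: bytes) -> dict:
    """Hardened pattern: a data-only format plus an explicit schema check.
    Anything that is not exactly the expected shape is rejected."""
    try:
        state = json.loads(blob.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("state is not valid JSON") from exc
    if not isinstance(state, dict) or set(state) != STATE_KEYS:
        raise ValueError("unexpected state keys")
    bbox, frame = state["bbox"], state["frame"]
    # bool is a subclass of int, so exclude it explicitly
    if isinstance(frame, bool) or not isinstance(frame, int) or frame < 0:
        raise ValueError("frame must be a non-negative integer")
    if (not isinstance(bbox, list) or len(bbox) != 4
            or not all(isinstance(v, (int, float)) and not isinstance(v, bool)
                       for v in bbox)):
        raise ValueError("bbox must be four numbers")
    return {"bbox": [float(v) for v in bbox], "frame": frame}


def save_state(state: dict) -> bytes:
    """Serialize only the fields the schema allows, never arbitrary objects."""
    return json.dumps({"bbox": state["bbox"], "frame": state["frame"]}).encode()


if __name__ == "__main__":
    blob = save_state({"bbox": [10, 20, 30, 40], "frame": 3})
    print(restore_state_safe(blob))
```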