Applio Unsafe Deserialization Vulnerability in Voice Model Processing

A vulnerability allowing unsafe deserialization has been identified in Applio, a voice conversion tool, in versions through 3.2.8-bugfix. The issue is located in the 'model_blender.py' file, specifically in lines 20 and 21. The vulnerability arises because 'model_fusion_a' and 'model_fusion_b' in 'voice_blender.py' accept user-supplied input, such as model paths, and pass this data to the 'run_model_blender_script' function. This function subsequently calls 'torch.load' to load the models, creating a risk of remote code execution due to the unsafe deserialization.

Impact

Exploitation of this vulnerability can lead to remote code execution on the server where Applio is running.

Reproduction

To reproduce this vulnerability, upload a voice model file through the 'model_fusion_a' or 'model_fusion_b' input fields in the Applio interface. The file path can be entered manually or through a drag-and-drop action. Once the model paths are set, click the 'Fusion' button. The 'run_model_blender_script' function will be triggered, which loads the specified models using 'torch.load'. This process introduces the vulnerability by allowing maliciously crafted model files to be deserialized unsafely, potentially leading to arbitrary code execution.

Remediation

Users can update to Applio version 3.2.9, where this vulnerability has been fixed.