Applio Unsafe Deserialization Vulnerability in Inference and TTS Modules Allowing Remote Code Execution

Vulnerability

A vulnerability exists in Applio, a voice conversion tool, in versions through 3.2.8-bugfix. The issue arises from unsafe deserialization in the inference.py and tts.py files. User-supplied input, such as model file paths, is passed to functions that load models using torch.load. torch.load unpickles the file, and Python's pickle format can instantiate arbitrary objects and call arbitrary callables, so a crafted model file can run attacker-supplied code when it is loaded. This deserialization flaw can therefore be exploited to execute remote code on the server.
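The defensive check a practitioner would want before handing an uploaded file to torch.load is a static inspection of the pickle stream: walk its opcodes with the standard library's pickletools (which never executes anything) and refuse the file if it references any global that a plain state_dict checkpoint has no business importing. The example below is added here and is not Applio's or PyTorch's own code; it uses only the Python standard library so it runs without torch installed. It understands both checkpoint layouts torch.save produces (a zip archive with a data.pkl member, and a legacy raw pickle), follows memo references so that STACK_GLOBAL lookups in protocol 4 pickles resolve correctly, and compares every import against an allowlist. The allowlist (ALLOWED_GLOBALS) is illustrative and must be extended for the tensor storage types a given model actually uses. The sample files are constructed inline; the flagged sample deliberately contains a harmless datetime.date object, which is enough to show how any unexpected global is detected.

```python
import datetime
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Globals a plain PyTorch state_dict checkpoint legitimately references.
# Assumption: illustrative allowlist; extend per model format as needed.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "LongStorage"),
}

_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def pickle_globals(data: bytes):
    """Yield (module, name) for every import the pickle stream would perform.

    Uses pickletools.genops, which only decodes opcodes and never executes them.
    A two-slot 'recent pushes' window plus a memo table is enough to resolve the
    module/name strings that STACK_GLOBAL (protocol 4) takes from the stack.
    """
    memo = {}
    recent = []  # last two values pushed (strings or None for non-string pushes)
    for opcode, arg, _pos in pickletools.genops(data):
        name = opcode.name
        if name in _STRING_OPS:
            recent.append(arg)
        elif name == "MEMOIZE":  # memoizes top of stack under the next free index
            memo[len(memo)] = recent[-1] if recent else None
        elif name in _PUT_OPS:
            memo[arg] = recent[-1] if recent else None
        elif name in _GET_OPS:
            recent.append(memo.get(arg))
        elif name in ("GLOBAL", "INST"):  # arg is "module name"
            module, qualname = arg.split(" ", 1)
            yield module, qualname
        elif name == "STACK_GLOBAL":
            if len(recent) >= 2:
                yield str(recent[-2]), str(recent[-1])
            else:
                yield "?", "?"
        else:
            recent.append(None)  # any other opcode: treat as a non-string push
        del recent[:-2]


def extract_pickle_payload(blob: bytes) -> bytes:
    """Return the pickle stream: data.pkl from a zip checkpoint, else the raw bytes."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for member in zf.namelist():
                if member.split("/")[-1] == "data.pkl":
                    return zf.read(member)
        raise ValueError("zip checkpoint has no data.pkl member")
    return blob


def scan_checkpoint(blob: bytes) -> list[str]:
    """Return the non-allowlisted globals the checkpoint would import; empty means clean."""
    findings = []
    for module, qualname in pickle_globals(extract_pickle_payload(blob)):
        ref = f"{module}.{qualname}"
        if (module, qualname) not in ALLOWED_GLOBALS and ref not in findings:
            findings.append(ref)
    return findings


def build_samples() -> dict:
    """Constructed sample checkpoints (not real model files) for demonstration."""
    benign = pickle.dumps(OrderedDict(weight=[0.1, 0.2]), protocol=2)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # mimic torch.save's zip layout
        zf.writestr("archive/data.pkl", benign)
    unexpected = {"weight": datetime.date(2025, 6, 9)}  # harmless stand-in for an unexpected global
    return {
        "benign_zip": buf.getvalue(),
        "benign_legacy": benign,
        "unexpected_p3": pickle.dumps(unexpected, protocol=3),
        "unexpected_p4": pickle.dumps(unexpected, protocol=4),
    }


if __name__ == "__main__":
    for label, blob in build_samples().items():
        print(label, scan_checkpoint(blob) or "clean")
```

A file that scans clean is still only "free of unexpected imports", not proven safe; the scan belongs in front of a load that also passes weights_only=True to torch.load, and it should reject the upload outright rather than attempt to sanitise it.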

Impact

Successful exploitation results in remote code execution on the Applio server, with the privileges of the Applio process.

Reproduction

The vulnerability can be reproduced by uploading a malicious model file through the user interface or by using the application's file upload features. The uploaded file must be crafted to include executable code that can be triggered upon deserialization. Once the file is uploaded, it can be selected within the application, which will then process the file and execute the embedded code, demonstrating the unsafe deserialization vulnerability.

Remediation

Users should update to the latest version of Applio, where this vulnerability has been patched. The patched version is available on the main branch of the repository. Until the update is applied, model files should be loaded only from trusted sources, and torch.load calls should pass weights_only=True, which restricts unpickling to tensors and primitive types.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 7.7
relevance: 0.0
threat: 6.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.