Retrieval-Based Voice Conversion WebUI Unsafe Deserialization Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability allowing unsafe deserialization has been identified in Retrieval-Based Voice Conversion WebUI, specifically in versions through 2.2.231006. The issue arises in the 'process_ckpt.py' file, where the 'ckpt_path1' variable accepts user input, such as a model path, and passes it to the 'show_info' function. This function uses 'torch.load' to load the model from the specified path, creating a risk of remote code execution. Similar deserialization vulnerabilities are present in other functions within the same module, as well as in 'export.py' and 'vr.py', all of which can lead to arbitrary code execution.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where the application is running.
Reproduction
The vulnerability can be reproduced by providing a crafted path to a model file that, when loaded using 'torch.load', executes arbitrary code. This can be done through the application's web interface or by modifying the 'infer-web.py' script to include the malicious model path.
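A pre-load check for the 'torch.load' call sites described above, as an added example that is not code from the project: 'torch.load' unpickles the file, so this lists the imports a checkpoint's pickle stream would perform, without unpickling it, and rejects anything outside an allowlist. The allowlist contents and the function names are assumptions; it covers raw pickle bytes and zip-format 'torch.save' files only.

```python
import io
import pickletools
import zipfile

# Assumed allowlist for plain state-dict checkpoints; tune it for your models.
ALLOWED = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def is_allowed(module, name):
    if (module, name) in ALLOWED:
        return True
    # Typed storage classes such as torch.FloatStorage
    return module == "torch" and name.endswith("Storage")


def pickle_globals(data):
    """Return the (module, name) pairs a pickle would import, without loading it."""
    found, prev = [], []  # prev: opcodes seen so far, MEMOIZE excluded
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            last = prev[-2:]
            if len(last) == 2 and all(o in STRING_OPS for o, _ in last):
                found.append((last[0][1], last[1][1]))
            else:
                found.append(("?", "?"))  # operands not resolvable: fail closed
        if op.name != "MEMOIZE":
            prev.append((op.name, arg))
    return found


def rejected_globals(blob):
    """Scan raw pickle bytes or a zip-format torch.save file; return disallowed imports."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            pkls = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        pkls = [blob]
    try:
        refs = [g for p in pkls for g in pickle_globals(p)]
    except Exception:
        return [("?", "unparseable pickle")]  # fail closed on malformed input
    return [g for g in refs if not is_allowed(*g)]
```

Run it on the bytes of a user-supplied model file before any 'torch.load' call and refuse the file when the returned list is non-empty. Where the installed PyTorch supports it, also pass 'weights_only=True' to 'torch.load' so the loader itself refuses arbitrary globals.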
