Retrieval-Based Voice Conversion WebUI Unsafe Deserialization Vulnerability Allowing Remote Code Execution
Vulnerability
Retrieval-Based Voice Conversion WebUI, in versions through 2.2.231006, is affected by unsafe deserialization that can lead to remote code execution. The issue arises in the 'export_onnx' function within 'export.py', where the file at a user-supplied model path is deserialized using 'torch.load'. The flaw is compounded by similar deserialization vulnerabilities in the 'process_ckpt' module, which also uses 'torch.load' to deserialize user-controlled data without proper validation. The 'infer-web.py' file also contains multiple command injection vulnerabilities, further highlighting the application's security weaknesses.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where the application is running.
Reproduction
To reproduce this vulnerability, upload a malicious model file to a location accessible by the application. Then, use the web interface to select this model for processing. The application will deserialize the model using 'torch.load', executing any embedded code. This can be done by injecting code into the model file's metadata or payload, which 'torch.load' will execute upon loading.
