MONAI Pickle Deserialization Vulnerability Leading to Remote Code Execution

Vulnerability

A remote code execution vulnerability exists in MONAI (Medical Open Network for AI) versions through 1.5.0. The issue arises in the `pickle_operations` function located in `monai/data/utils.py`, which deserializes the values of dictionary keys carrying specific suffixes using `pickle.loads()`. The function applies no validation or restriction to the serialized bytes, so a crafted payload executes arbitrary code during deserialization. The vulnerability can be exploited by loading serialized data from untrusted sources or by using MONAI's data processing functions that trigger the deserialization.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the system where MONAI is running.

Reproduction

The vulnerability can be reproduced by creating a dataset containing maliciously crafted pickle data that, when deserialized by the `pickle_operations` function, executes arbitrary commands. This can be done by using MONAI's data loading and processing functions, which automatically invoke the vulnerable deserialization operation.

Remediation

Users are advised to verify the source and content of data before deserialization or to use safer deserialization methods. This vulnerability has been acknowledged by the MONAI project, and users should monitor the project's security advisories for updates.
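A hardened replacement for a suffix-keyed `pickle.loads()` pass, added here as an example and not code from MONAI: an allowlisting `Unpickler` rejects any pickle that references a global outside a small set of builtin containers, which is one concrete form of the "safer deserialization method" the advisory recommends. The `_pickled` suffix, the sample records and the allowlist contents are assumptions, not MONAI's own values.

```python
import datetime
import io
import pickle

# Assumed suffix marking values that arrive pickled; the advisory only says
# "specific suffixes", so this name is a placeholder, not MONAI's constant.
PICKLE_KEY_SUFFIX = "_pickled"

# The only globals the unpickler may reconstruct. pickle calls find_class()
# before it executes any REDUCE/BUILD opcode, so a blob naming anything else
# is stopped before code in the referenced class or function can run.
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def unpickle_suffixed_values(data: dict, suffix: str = PICKLE_KEY_SUFFIX) -> dict:
    """Hardened counterpart of a suffix-keyed pickle.loads() pass over a record."""
    out = dict(data)
    for k, v in out.items():
        if str(k).endswith(suffix) and isinstance(v, bytes):
            out[k] = restricted_loads(v)  # in place of a bare pickle.loads(v)
    return out


def load_or_reject(blob: bytes):
    """Return the decoded object, or 'rejected' if the allowlist fired."""
    try:
        return restricted_loads(blob)
    except pickle.UnpicklingError:
        return "rejected"


# Constructed samples: a benign record, and one naming a non-allowlisted global.
BENIGN_BLOB = pickle.dumps({"spacing": [1.0, 1.0, 2.0], "flip": (0, 1)})
FOREIGN_BLOB = pickle.dumps(datetime.date(2025, 9, 9))

if __name__ == "__main__":
    print(unpickle_suffixed_values({"meta_pickled": BENIGN_BLOB, "id": 7}))
    print(load_or_reject(FOREIGN_BLOB))
```

The allowlist must be extended to whatever types the pipeline legitimately stores (for example numpy or torch classes), and each addition should be reviewed as an extension of the attack surface.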

Added: Sep 9, 2025, 12:16 AM
Updated: Sep 9, 2025, 12:16 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.