Turms AI-Serving Improper File Type Validation Vulnerability in OCR Image Upload

Vulnerability

A vulnerability exists in the Turms AI-Serving module's OCR image upload feature, specifically in versions through 0.10.0-SNAPSHOT. The OcrController improperly validates file types, allowing attackers to upload arbitrary files, including executables and scripts. This is possible because the system relies on client-supplied Content-Type headers and file extensions without checking the actual file content using magic bytes. Exploitation could lead to server-side code execution, stored cross-site scripting, or information disclosure, depending on how the uploaded files are handled.

Impact

Successful exploitation bypasses file type restrictions, allowing the upload of malicious files to the server. This could result in server-side code execution, stored cross-site scripting if the files are served to users, information disclosure through crafted files, and increased resource consumption with large or malformed uploads.

Reproduction

To reproduce this vulnerability, upload a file through the OCR image upload endpoint, using an image file extension or the Content-Type header set to 'image/*'. The server will accept the file without performing proper validation, allowing for the upload of executable scripts or other harmful file types.

Remediation

Users are advised to update to a version of Turms AI-Serving that includes proper file type validation. If no such version is available, implement magic byte validation to check the actual content of uploaded files before processing them.
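The magic-byte check described above, as an added example that is not Turms code: the client-supplied Content-Type and extension are treated as claims and verified against the leading bytes of the file, so a script or HTML document renamed to .png is rejected. The allow-list, the size limit and the sample inputs are constructed for this example.

```python
import os
from typing import Optional, Tuple

# Leading-byte signatures for the image formats an OCR endpoint would accept
# (constructed allow-list; extend for formats the service really supports).
SIGNATURES = {
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/gif": [b"GIF87a", b"GIF89a"],
}
EXTENSIONS = {
    "image/png": {".png"},
    "image/jpeg": {".jpg", ".jpeg"},
    "image/gif": {".gif"},
}
MAX_SIZE = 10 * 1024 * 1024  # assumed 10 MiB cap, not a Turms setting


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for mime, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def validate_upload(filename: str, declared_type: str, data: bytes) -> Tuple[bool, str]:
    """Accept only when size, sniffed type, declared type and extension all agree."""
    if not data or len(data) > MAX_SIZE:
        return False, "empty or oversized upload"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "content is not a supported image format"
    # Strip parameters such as '; charset=...' before comparing the media type.
    if declared_type.split(";")[0].strip().lower() != actual:
        return False, f"declared type {declared_type!r} does not match content ({actual})"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXTENSIONS[actual]:
        return False, f"extension {ext!r} does not match content ({actual})"
    return True, actual


# Constructed sample inputs: a minimal PNG header and an HTML document renamed as an image.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
HTML_SAMPLE = b"<!DOCTYPE html><html><body>not an image</body></html>"

if __name__ == "__main__":
    print(validate_upload("scan.png", "image/png", PNG_SAMPLE))   # (True, 'image/png')
    print(validate_upload("scan.png", "image/png", HTML_SAMPLE))  # rejected: content check
```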

Added: Dec 19, 2025, 3:21 PM
Updated: Dec 19, 2025, 6:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.6
exploitability: 6.6
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.