manga-image-translator Remote Code Execution Vulnerability via Unsafe Pickle Deserialization

Vulnerability

A remote code execution vulnerability has been identified in the manga-image-translator application, specifically in the shared API server mode. The issue is the unsafe deserialization of untrusted pickle data in the share.py module: the /execute/{method_name} and /simple_execute/{method_name} endpoints pass the raw, attacker-controlled HTTP request body to pickle.loads(). Because pickle executes callables referenced in the stream while loading, a remote attacker who can reach these endpoints can submit a crafted pickle payload and run arbitrary code in the server process. In the default Docker deployment the server runs as root, so this amounts to full compromise of the container.

Impact

Exploitation of this vulnerability allows remote code execution on the server, with the attacker's code running as root inside the Docker container. Depending on the Docker configuration (for example a privileged container, or a mounted Docker socket or host volume), this can also lead to compromise of the host system.

Reproduction

The vulnerability can be reproduced by deploying the manga-image-translator application in shared mode with the nonce option set to None, which disables the basic authentication check these endpoints otherwise perform. Once the server is running, a POST request with a malicious pickle payload as the request body is sent to the /execute/{method_name} endpoint. With no nonce configured the request is accepted without authentication, the body is deserialized by pickle.loads(), and the code embedded in the payload executes with root privileges.
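The following is an added example, not code from the manga-image-translator project or from the advisory, that shows the vulnerable pattern the advisory describes next to a hardened version of the same request handling. The handler names (vulnerable_execute, hardened_execute, require_nonce), the nonce semantics, and the request bodies are assumptions for illustration. The attacker payload is constructed in the same way as a real pickle RCE gadget (an object whose __reduce__ returns a callable and its arguments), but it points at a harmless recorder instead of os.system so the example can be run safely.

```python
import hmac
import io
import pickle

# --- Constructed attacker side ---------------------------------------------
# pickle calls an object's __reduce__ when dumping and, on loading, calls the
# callable it returned with the given arguments. Returning (os.system, ("id",))
# is the classic RCE gadget; this demo substitutes a harmless recorder so the
# example can run without side effects.
EXECUTED = []


def _attacker_callable(marker):
    EXECUTED.append(marker)
    return marker


class Gadget:
    def __reduce__(self):
        return (_attacker_callable, ("attacker code ran",))


def craft_payload() -> bytes:
    """Bytes an attacker would POST as the body of /execute/{method_name} (constructed)."""
    return pickle.dumps(Gadget())


def benign_payload() -> bytes:
    """A well-formed body containing plain data only (constructed)."""
    return pickle.dumps({"method": "translate", "args": [1, 2]})


# --- Vulnerable pattern (assumed shape of the affected handler) ------------
def vulnerable_execute(body: bytes):
    # Attacker-controlled bytes go straight to pickle.loads(); the gadget's
    # callable runs during loading, before the handler sees any result.
    return pickle.loads(body)


# --- Hardened pattern -------------------------------------------------------
class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every GLOBAL lookup that is not on an explicit allowlist.

    Plain data (dict, list, str, int, bytes, ...) is encoded with dedicated
    opcodes and never reaches find_class, so it still loads; any reference to
    a callable such as os.system or the gadget above is refused.
    """

    def __init__(self, data: bytes, allowed=frozenset()):
        super().__init__(io.BytesIO(data))
        self.allowed = allowed

    def find_class(self, module, name):
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(body: bytes, allowed=frozenset()):
    return RestrictedUnpickler(body, allowed).load()


def require_nonce(configured, presented) -> bool:
    """Fail closed: an unset nonce means nobody is authorised, not everybody.

    hmac.compare_digest keeps the comparison constant-time.
    """
    if not configured or presented is None:
        return False
    return hmac.compare_digest(str(configured).encode(), str(presented).encode())


def hardened_execute(body: bytes, configured_nonce, presented_nonce):
    """Returns (status, value) so callers can see which check fired."""
    if not require_nonce(configured_nonce, presented_nonce):
        return ("unauthorized", None)
    try:
        return ("ok", restricted_loads(body))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print("vulnerable:        ", vulnerable_execute(craft_payload()))
    print("hardened, gadget:  ", hardened_execute(craft_payload(), "s3cret", "s3cret"))
    print("hardened, benign:  ", hardened_execute(benign_payload(), "s3cret", "s3cret"))
    print("hardened, no nonce:", hardened_execute(benign_payload(), None, None))
```

Two points the example makes that the prose alone does not: the gadget fires inside pickle.loads() itself, so no later validation of the returned object can help, and a nonce check only protects the endpoint if it fails closed when no nonce is configured. The restricted unpickler is the mitigation documented for Python's pickle module when the wire format cannot be changed; where it can, a format that carries no code references (JSON, for instance) removes the deserialization risk entirely.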

Remediation

Users should update to the latest version of manga-image-translator, in which this vulnerability has been fixed. Instructions for updating can be found in the project's GitHub repository. Until the update is applied, do not expose the shared API server to untrusted networks, and configure a nonce rather than leaving it set to None, since that basic authentication check is what stands between an unauthenticated client and these endpoints.

Added: May 29, 2026, 3:26 PM
Updated: May 29, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.0
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.