manga-image-translator Unauthenticated Remote Code Execution Vulnerability via Unsafe Pickle Deserialization

A vulnerability allowing unauthenticated remote code execution has been identified in manga-image-translator versions beta-0.3 and prior, when the shared API mode is active. This issue arises because the FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize request bodies controlled by the attacker using pickle.loads(), without any validation. Although there is a nonce-based authorization check intended to limit access, the nonce defaults to an empty string, causing the check to be bypassed. As a result, remote attackers can execute arbitrary code in the context of the server by sending a specially crafted pickle payload.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where the application is running.

Reproduction

The vulnerability can be reproduced by sending a POST request to either the /simple_execute/{method} or /execute/{method} endpoint with a pickle-serialized payload that, when deserialized, executes a command on the server. The nonce header can be omitted, as the default configuration does not require authentication.

Remediation

Users can set the MT_WEB_NONCE environment variable or pass a nonce value via the command line when starting the application to enable authentication. However, a more permanent solution would be to update the application to change the default nonce value to a generated token, replace pickle serialization with a safer alternative like JSON or MessagePack, and restrict the shared API server to localhost.