Text-Generation-Webui Remote Code Execution Vulnerability via Path Traversal
Vulnerability
A remote code execution vulnerability has been identified in Text Generation Web UI versions prior to 4.1.1. The issue arises from a path traversal vulnerability that allows users to save extension settings in Python format within the application’s root directory. This capability can be exploited to overwrite Python files, such as 'download-model.py'. Once overwritten, the modified Python file can be executed from the 'Model' menu when downloading a new model. This vulnerability has been patched in version 4.1.1.
Impact
Exploitation of this vulnerability allows a remote attacker with access to the Web UI to execute arbitrary code on the back-end server, using the application's privileges. This could lead to full control over the server, allowing the attacker to modify or exfiltrate any data accessible to the application.
Reproduction
The vulnerability can be reproduced by saving extension settings to 'user_data/settings.yaml' and overwriting the 'download-model.py' file with a payload that creates a file in the '/tmp' directory. After executing the payload through the 'Model' menu, the created file can be verified on the server.
Remediation
Users are advised to update to Text Generation Web UI version 4.1.1 or later. If the 'Save extension settings' functionality is still needed, consider implementing back-end validation to prevent path traversal, ensuring that file names end with '.yaml' and that the 'File folder' field cannot be modified.
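One way to implement the back-end validation described above, as an added example that is not the project's code or its patch. The names `NAME_RE`, `safe_settings_path` and `is_allowed`, the character allow-list and the temporary directory layout are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical allow-list: a bare name of safe characters ending in ".yaml".
NAME_RE = re.compile(r"[A-Za-z0-9_-]+\.yaml")


def safe_settings_path(filename: str, base_dir: Path) -> Path:
    """Return the file to write inside base_dir, or raise ValueError.

    base_dir is chosen by the server; no folder value from the request is used.
    """
    # fullmatch (not match with "$") so a trailing newline cannot slip through.
    if not isinstance(filename, str) or not NAME_RE.fullmatch(filename):
        raise ValueError(f"rejected file name: {filename!r}")
    base = base_dir.resolve()
    # resolve() follows symlinks, so a link inside base_dir that points at a
    # file elsewhere fails the containment check below.
    target = (base / filename).resolve()
    if target.parent != base:
        raise ValueError(f"path escapes settings folder: {filename!r}")
    return target


def is_allowed(filename, base_dir: Path) -> bool:
    try:
        safe_settings_path(filename, base_dir)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run the check over constructed inputs in a throwaway directory."""
    root = Path(tempfile.mkdtemp())
    base = root / "user_data"
    base.mkdir()
    (root / "download-model.py").write_text("# placeholder\n")
    # Constructed edge case: a symlink sitting inside the settings folder.
    (base / "link.yaml").symlink_to(root / "download-model.py")
    samples = ["settings.yaml", "download-model.py", "../download-model.py",
               "../settings.yaml", "/tmp/settings.yaml", "link.yaml",
               "settings.yaml\n"]
    return {name: is_allowed(name, base) for name in samples}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r:28} {'allow' if ok else 'reject'}")
```

Only `settings.yaml` is accepted; the symlink case shows why the resolved path is checked in addition to the file name.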
