ChromaDB Python Pre-Authentication Remote Code Execution Vulnerability

Vulnerability

A pre-authentication remote code execution vulnerability has been identified in the ChromaDB Python project, affecting version 1.0.0 and later. This vulnerability allows an unauthenticated attacker to execute arbitrary code on the server by submitting a collection creation request that references a malicious model repository with the 'trust_remote_code' parameter set to true, through the '/api/v2/tenants/{tenant}/databases/{db}/collections' endpoint.

Impact

Exploitation of this vulnerability leads to remote code execution on the server where ChromaDB is running.

Reproduction

To reproduce this vulnerability, send a request to the '/api/v2/tenants/{tenant}/databases/{db}/collections' endpoint without authentication. Include a collection creation request that specifies a malicious embedding model hosted on Hugging Face, with the 'trust_remote_code' parameter set to true. The server will download and execute the model before performing the authentication check, resulting in remote code execution.

Remediation

Users are advised to switch to the Rust-based deployment of ChromaDB, which is not vulnerable, and to restrict network access to the ChromaDB port to trusted clients only.
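A defender-side check that follows from the description above: scan proxy-captured requests to the collections endpoint for a 'trust_remote_code' value of true and flag the unauthenticated ones as critical. This is an added example, not code from the ChromaDB project or from this advisory; the record fields (method, path, authenticated, body) and the placement of 'trust_remote_code' inside the request body are assumptions.

```python
import re
from typing import Any, Iterator, Optional

# Matches the collection-creation endpoint named in the advisory.
COLLECTIONS_PATH = re.compile(r"^/api/v2/tenants/[^/]+/databases/[^/]+/collections/?$")

# Constructed sample of proxy-captured requests (not real ChromaDB traffic); the field
# names and the location of trust_remote_code inside the body are assumptions.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/api/v2/tenants/t1/databases/db1/collections",
     "authenticated": False,
     "body": {"name": "docs", "metadata": {"model": "example-org/model", "trust_remote_code": True}}},
    {"method": "POST", "path": "/api/v2/tenants/t1/databases/db1/collections",
     "authenticated": True, "body": {"name": "docs", "metadata": {"trust_remote_code": "true"}}},
    {"method": "POST", "path": "/api/v2/tenants/t1/databases/db1/collections",
     "authenticated": True, "body": {"name": "docs", "metadata": {"trust_remote_code": False}}},
    {"method": "GET", "path": "/api/v2/heartbeat", "authenticated": False, "body": None},
]

def _find_key(obj: Any, key: str) -> Iterator[Any]:
    """Yield every value stored under `key` at any depth of a JSON-like structure."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k == key:
                yield v
            yield from _find_key(v, key)
    elif isinstance(obj, list):
        for item in obj:
            yield from _find_key(item, key)

def _flag_set(value: Any) -> bool:
    """Treat JSON true and the string "true" (any case) as the flag being enabled."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def classify_request(req: dict) -> Optional[str]:
    """Return "critical" for an unauthenticated collection creation that enables
    trust_remote_code, "review" for the same flag on an authenticated request, else None."""
    if req.get("method") != "POST" or not COLLECTIONS_PATH.match(req.get("path", "")):
        return None
    if not any(_flag_set(v) for v in _find_key(req.get("body"), "trust_remote_code")):
        return None
    return "review" if req.get("authenticated") else "critical"

def scan(requests: list) -> list:
    """Return (index, severity) for each request that classify_request flags."""
    return [(i, sev) for i, sev in ((i, classify_request(r)) for i, r in enumerate(requests))
            if sev is not None]
```

Run `scan(SAMPLE_REQUESTS)` to see the first record flagged as critical and the second as review; wire the same function to a real proxy log by mapping its fields onto the assumed record shape.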

Added: May 18, 2026, 5:21 PM
Updated: May 18, 2026, 5:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 8.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.