Threat Overview

The vulnerability arises from improper handling of SQL queries within the neural_solution server, specifically in the API endpoint /task/submit. Attackers can exploit this by injecting malicious SQL code into the q_model_path field of a task, enabling them to alter database entries. Subsequently, the /download/<task_id> endpoint can be abused to download any file specified in the altered q_model_path, leading to unauthorized access to sensitive files, database compromise, and potential system compromise.

Attack Scenario

An attacker first submits a legitimate task to obtain a valid task_id. They then craft a malicious JSON payload, injecting SQL code into the approach parameter to alter the q_model_path of the task in the database to a sensitive directory (e.g., /home/victim/.ssh). Finally, the attacker uses the /download/<task_id> endpoint to download the contents of the specified directory, gaining unauthorized access to sensitive files.

Who is affected

Users of the Neural Compressor version 2.4 are affected by this vulnerability. Specifically, systems where the neural_solution server is deployed and accessible could be compromised, leading to unauthorized access to sensitive files and potentially further system compromise.

Technical Report