Sud0Why

**Name of the Vulnerable Software and Affected Versions** manga-image-translator versions beta-0.3 and prior **Description** The software contains an unsafe deserialization issue that could allow unauthenticated remote code execution. The application’s API endpoints, `/simple execute/{method}` and `/execute/{method}`, utilize `pickle.loads()` to deserialize request bodies without proper validation. An intended nonce-based authorization check is ineffective because the nonce defaults to an empty string, bypassing the security measure. This allows attackers to execute arbitrary code within the server environment by submitting a specially crafted pickle payload. **Recommendations** Versions prior to beta-0.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.