CVE-2024-32944

2024-05-2803:15:08

[email protected]

web.nvd.nist.gov

utau

path traversal

vulnerability

file placement

utau voicebank installer

crafted file

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be placed.

Affected configurations

Vulners

Node

ameya\/ayameutauRange<0.4.19

CNA Affected

[
  {
    "vendor": "ameya/ayame",
    "product": "UTAU",
    "versions": [
      {
        "version": "prior to v0.4.19",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN71404925/

utau2008.xrea.jp/