Lucene search

GitHub_MCVELIST:CVE-2024-39685

HistoryJul 22, 2024 - 3:13 p.m.

CVE-2024-39685 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function

2024-07-2215:13:06

CWE-78

GitHub_M

www.cve.org

cve-2024-39685

fishaudio

bert-vits2

command injection

webui_preprocess.py

resample function

subprocess.run

arbitrary command execution

security issue

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.2%

JSON

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.

CNA Affected

[
  {
    "vendor": "FishAudio",
    "product": "Bert-VITS2",
    "versions": [
      {
        "version": "<= 2.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/fishaudio/Bert-VITS2/blob/3f8c537f4aeb281df3fb3c455eed9a1b64871a81/webui_preprocess.py#L46-L52

github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133

securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.2%

JSON

Related for CVELIST:CVE-2024-39685