Lucene search

GitHub_MCVELIST:CVE-2024-39686

HistoryJul 22, 2024 - 3:16 p.m.

CVE-2024-39686 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function

2024-07-2215:16:17

CWE-78

GitHub_M

www.cve.org

cve-2024-39686

fishaudio

bert-vits2

webui_preprocess.py

command injection

subprocess.run

arbitrary command execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.2%

JSON

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.

CNA Affected

[
  {
    "vendor": "FishAudio",
    "product": "Bert-VITS2",
    "versions": [
      {
        "version": "<= 2.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/fishaudio/Bert-VITS2/blob/3f8c537f4aeb281df3fb3c455eed9a1b64871a81/webui_preprocess.py#L82C9-L82C57

github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133

securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.2%

JSON

Related for CVELIST:CVE-2024-39686