3 matches found
CVE-2025-49835
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py openasr function. asrinpdir and a number of other variables takes user input, which is passed to the openasr function, which concatenates the...
CVE-2025-49835
GPT-SoVITS-WebUI contains a command-injection vulnerability in the open_asr (webui.py) function. In versions 20250228v3 and prior, user-controlled input is incorporated into a shell command, which is then executed on the server, enabling arbitrary command execution. Multiple connected sources cor...
CVE-2025-49835 GHSL-2025-047: GPT-SoVITS Command Injection vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py openasr function. asrinpdir and a number of other variables takes user input, which is passed to the openasr function, which concatenates the...