2 matches found
CVE-2025-49839
GPT-SoVITS-WebUI contains an unsafe deserialization vulnerability in bsroformer.py (versions 20250228v3 and prior). User-controlled input (model_path) is used to instantiate Roformer_Loader, which appends .ckpt and passes the path to torch.load, enabling unsafe deserialization. At publication, no...
CVE-2025-49839 GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...