Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/03 4:8 a.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

9.8CVSS6.3AI score0.00683EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/17 8:42 p.m.2 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

5.1CVSS6.6AI score0.00106EPSS
Exploits0References2
OSV
OSV
added 2024/07/22 3:21 p.m.19 views

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

6.5CVSS6.8AI score0.00501EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/07/22 3:21 p.m.29 views

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

6.5CVSS0.00501EPSS
Exploits1References3
Rows per page
Query Builder