5 matches found
CVE-2024-39686
CVE-2024-39686 affects fishaudio/Bert-VITS2 (VITS2 Backbone with multilingual BERT). The root cause is that user input provided to the data_dir variable is used directly in a shell command via subprocess.run(cmd, shell=True) inside the bert_gen function, allowing arbitrary command execution. Affe...
CVE-2024-39686 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the bertgen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
CVE-2024-39686 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the bertgen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
CVE-2024-39685 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
CVE-2024-39685 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...