CVE-2025-49836 GHSL-2025-048: GPT-SoVITS Command Injection vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py changelabel function. pathlist takes user input, which is passed to the changelabel function, which concatenates the user input into a command...