7 matches found
CVE-2026-8756
A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...
CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...
CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...
CVE-2024-39686 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the bertgen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
CVE-2024-39686 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the bertgen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
CVE-2024-39685 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
CVE-2024-39685 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...