2 matches found
CVE-2024-39688
The CVE-2024-39688 entry describes a limited file write in Bert-VITS2 (fishaudio/Bert-VITS2) where user input to the data_dir variable is concatenated with directories and used in generate_config, allowing writing /config/config.json to an arbitrary directory. Affected versions are 2.3 and earlie...
CVE-2024-39685
Bert-VITS2 (fishaudio) vulnerability CVE-2024-39685 affects version 2.3 and earlier of the Bert-VITS2 backbone. The root cause is that user input to the data_dir variable is used directly in a subprocess.run(cmd, shell=True) call within the resample function, enabling arbitrary command execution....