Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function
Vulnerability Description
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Bert-VITS2 安全漏洞
Vulnerability Description
Bert-VITS2是Fish Audio开源的一种文本转语音模型的主干。 Bert-VITS2 2.3版本存在安全漏洞,该漏洞源于存在任意命令执行问题。
CVSS Information
N/A
Vulnerability Type
N/A