Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function
Vulnerability Description
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Bert-VITS2 安全漏洞
Vulnerability Description
Bert-VITS2是Fish Audio开源的一种文本转语音模型的主干。 Bert-VITS2 2.3版本存在安全漏洞,该漏洞源于文件写入受限,允许在服务器上的任意目录中写入/config/config.json文件。
CVSS Information
N/A
Vulnerability Type
N/A