Vulnerability Information
Vulnerability Title
Applio allows unsafe deserialization in model_information.py
Vulnerability Description
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. `model_name` in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to `run_model_information_script` and later to the `model_information` function. That function loads the model with `torch.load` in rvc/train/process/model_information.py (line 16 in 3.2.8-bugfix), which is vulnerable to unsafe deserialization. The issue can lead to remote code execution. A patch is available in the `main` branch of the repository.
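Added example, not Applio's code or its patch: `torch.load` is built on Python's `pickle`, so the defensive control is to restrict which globals the unpickler may resolve, which PyTorch exposes as `torch.load(..., weights_only=True)`. The sketch below shows that allowlist idea with the standard library only; `load_model_info`, `ALLOWED_GLOBALS` and the sample bytes are assumptions constructed for illustration.

```python
import collections
import datetime
import io
import pickle

# Assumption for this sketch: a metadata-only checkpoint needs just this global.
# Real PyTorch checkpoints also need tensor-rebuild helpers.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals."""

    def find_class(self, module, name):
        # Every global referenced by the pickle stream is resolved through here.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_model_info(data: bytes):
    """Hypothetical helper: return (ok, object_or_reason) for untrusted bytes."""
    try:
        return True, AllowlistUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs (not real model files).
PLAIN_CHECKPOINT = pickle.dumps(collections.OrderedDict(epoch=300, sr="40k"))
EXTRA_GLOBAL = pickle.dumps({"created": datetime.date(2024, 1, 1)})

if __name__ == "__main__":
    print(load_model_info(PLAIN_CHECKPOINT))  # loads: only OrderedDict is needed
    print(load_model_info(EXTRA_GLOBAL))      # rejected: datetime.date not allowlisted
```

The rejection happens before the referenced global is ever called, which is the property a loader for user-supplied model paths needs.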
CVSS Information
N/A
Vulnerability Type
Deserialization of Untrusted Data
Vulnerability Title
Applio code issue vulnerability
Vulnerability Description
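Applio is an open-source AI voice conversion tool from AI Hispano of Spain. Applio 3.2.8-bugfix and earlier versions contain a code issue vulnerability that stems from unsafe deserialization in model_information.py and may lead to remote code execution.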
CVSS Information
N/A
Vulnerability Type
N/A