Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Applio allows arbitrary file write in inference.py
Vulnerability Description
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of time of publication, no known patches are available.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Applio 路径遍历漏洞
Vulnerability Description
Applio是西班牙AI Hispano的一款开源 AI 语音转换工具。 Applio 3.2.8-bugfix及之前版本存在路径遍历漏洞,该漏洞源于inference.py中的任意文件写入问题,可能导致在Applio服务器上写入任意文件,或与不安全反序列化结合实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A