Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Applio allows arbitrary file read in train.py export_pth function
Vulnerability Description
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_pth` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Applio 信息泄露漏洞
Vulnerability Description
Applio是西班牙AI Hispano的一款开源 AI 语音转换工具。 Applio 3.2.8-bugfix及之前版本存在信息泄露漏洞,该漏洞源于train.py的export_pth函数中的任意文件读取问题,可能导致读取Applio服务器上的任意文件,或与盲服务端请求伪造结合读取内部网络上的文件。
CVSS Information
N/A
Vulnerability Type
N/A