Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Applio allows arbitrary file removal in core.py
Vulnerability Description
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. `output_tts_path` in tts.py takes arbitrary user input and passes it to `run_tts_script` function in core.py, which checks if the path in `output_tts_path` exists, and if yes, removes that path, which leads to arbitrary file removal. As of time of publication, no known patches are available.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Applio 路径遍历漏洞
Vulnerability Description
Applio是西班牙AI Hispano的一款开源 AI 语音转换工具。 Applio 3.2.8-bugfix及之前版本存在路径遍历漏洞,该漏洞源于core.py存在任意文件删除问题,tts.py的output_tts_path参数接受任意用户输入并传递给core.py的run_tts_script函数,导致任意文件删除。
CVSS Information
N/A
Vulnerability Type
N/A