Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GHSL-2025-012_Retrieval-based-Voice-Conversion-WebUI
Vulnerability Description
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, np7, trainset_dir4 and sr2 take user input and pass it to the preprocess_dataset function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of time of publication, no known patches exist.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Retrieval-based-Voice-Conversion-WebUI 安全漏洞
Vulnerability Description
Retrieval-based-Voice-Conversion-WebUI是RVC-Project开源的一个声音训练模型工具。 Retrieval-based-Voice-Conversion-WebUI 2.2.231006及之前版本存在安全漏洞,该漏洞源于命令注入。
CVSS Information
N/A
Vulnerability Type
N/A