漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GHSL-2025-013_Retrieval-based-Voice-Conversion-WebUI
Vulnerability Description
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, np7 and f0method8 take user input and pass it into the extract_f0_feature function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of time of publication, no known patches exist.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Retrieval-based-Voice-Conversion-WebUI 安全漏洞
Vulnerability Description
Retrieval-based-Voice-Conversion-WebUI是RVC-Project开源的一个声音训练模型工具。 Retrieval-based-Voice-Conversion-WebUI 2.2.231006及之前版本存在安全漏洞,该漏洞源于命令注入。
CVSS Information
N/A
Vulnerability Type
N/A