Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI
Vulnerability Description
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to change_info_ function, which opens and reads the file on the given path (except it changes the final on the path to train.log), and passes the contents of the file to eval, which can lead to remote code execution. As of time of publication, no known patches exist.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Retrieval-based-Voice-Conversion-WebUI 代码注入漏洞
Vulnerability Description
Retrieval-based-Voice-Conversion-WebUI是RVC-Project开源的一个声音训练模型工具。 Retrieval-based-Voice-Conversion-WebUI 2.2.231006及之前版本存在代码注入漏洞,该漏洞源于ckpt_path2变量处理不当,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A