GHSL-2025-045: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and slice-inp-path takes user input, which is passed to the open_slice function, which concatenates the user input into a command and runs it on the server, leading to arbitrary command execution. At time of publication, no known patched versions are available.

N/A

在命令中使用的特殊元素转义处理不恰当(命令注入)

GPT-SoVITS-WebUI 命令注入漏洞

GPT-SoVITS-WebUI是RVC-Boss个人开发者的一个TTS训练模型。 GPT-SoVITS-WebUI 20250228v3及之前版本存在命令注入漏洞，该漏洞源于open_slice函数存在命令注入，可能导致执行任意代码。

N/A

N/A