漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability
Vulnerability Description
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights function. In change_gpt_weights, the user input, here gpt_path is used to load a model with torch.load, leading to unsafe deserialization. At time of publication, no known patched versions are available.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
GPT-SoVITS-WebUI 代码问题漏洞
Vulnerability Description
GPT-SoVITS-WebUI是RVC-Boss个人开发者的一个TTS训练模型。 GPT-SoVITS-WebUI 20250228v3及之前版本存在代码问题漏洞,该漏洞源于inference_webui.py存在不安全反序列化,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A