CVE-2024-39686

CVSS V2 None CVSS V3 None
Description
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
Overview
  • CVE ID
  • CVE-2024-39686
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-07-22T15:16:17.258Z
  • Last Modified Date
  • 2024-07-22T15:16:17.258Z
History
Created Old Value New Value Data Type Notes
2024-07-23 13:16:13 Added to TrackCVE