admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-39685.md

18 lines
960 B
Markdown
Raw Normal View History

Update CVE sources 2024-07-25 21:25
2024-07-25 21:25:12 +00:00
### [CVE-2024-39685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39685)
![](https://img.shields.io/static/v1?label=Product&message=Bert-VITS2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
### Description
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
### POC
#### Reference
- https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink