### [CVE-2024-39686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39686)
![](https://img.shields.io/static/v1?label=Product&message=Bert-VITS2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)

### Description

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.

### POC

#### Reference
- https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/

#### Github
No PoCs found on GitHub currently.