cve/CVE-2024-39686.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

960 B

Raw Permalink Blame History

CVE-2024-39686

Description

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.

POC

Reference

https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/

Github

No PoCs found on GitHub currently.

960 B Raw Permalink Blame History

CVE-2024-39686

Description

POC

Reference

Github

960 B

Raw Permalink Blame History