VYPR
Unrated severityNVD Advisory· Published Jul 22, 2024· Updated Aug 2, 2024

fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function

CVE-2024-39686

Description

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.