Security Advisory

CVE-2024-39686

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-22 15:16:17

Last updated 2024-08-02 04:26:15

Assigner GitHub_M

State PUBLISHED

Description

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.

← Browse all CVEs View on cve.org ↗