Vulnerability Details CVE-2024-39686
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
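An added illustration of the flaw class described above, not code from the Bert-VITS2 repository: it contrasts a command string built for shell=True with an argument list that no shell ever parses. The worker.py command, the --data-dir flag, the Data base directory and the sample input are assumptions constructed for the example.

```python
import shlex
import subprocess
import sys
from pathlib import Path

BASE_DIR = Path("Data").resolve()  # assumption: datasets live under ./Data
# Constructed stand-in for the worker script: it echoes the argument it received.
CHILD = "import sys; sys.stdout.write(sys.argv[1])"


def shell_string(data_dir: str) -> str:
    """Vulnerable pattern: input pasted into a string meant for shell=True."""
    return f"python worker.py --data-dir {data_dir}"  # hypothetical command


def shell_tokens(cmd: str) -> list:
    """Approximate how a POSIX shell splits cmd, keeping operators such as ';'."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def confined_dir(data_dir: str) -> Path:
    """Resolve data_dir and refuse anything outside BASE_DIR."""
    path = (BASE_DIR / data_dir).resolve()
    if path != BASE_DIR and BASE_DIR not in path.parents:
        raise ValueError(f"data_dir escapes {BASE_DIR}: {data_dir!r}")
    return path


def run_hardened(data_dir: str) -> str:
    """Pass the value as a single argv element; no shell interprets it."""
    argv = [sys.executable, "-c", CHILD, str(confined_dir(data_dir))]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    sample = "demo; echo INJECTED"  # constructed input containing a shell separator
    print(shell_tokens(shell_string(sample)))  # ';' appears as its own token
    print(run_hardened(sample))  # the child receives the whole string as one path
```

The shell_string form is never executed here; it is only tokenized to show that the input changes the command structure, which the argument-list form prevents.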
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.1%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-39686
- cpe:2.3:a:fishaudio:bert-vits2:-
- cpe:2.3:a:fishaudio:bert-vits2:1.0
- cpe:2.3:a:fishaudio:bert-vits2:1.0.1
- cpe:2.3:a:fishaudio:bert-vits2:1.1
- cpe:2.3:a:fishaudio:bert-vits2:1.1.1
- cpe:2.3:a:fishaudio:bert-vits2:2.0.1
- cpe:2.3:a:fishaudio:bert-vits2:2.0.2.1
- cpe:2.3:a:fishaudio:bert-vits2:2.1
- cpe:2.3:a:fishaudio:bert-vits2:2.2
- cpe:2.3:a:fishaudio:bert-vits2:2.3