Back

CVE-2024-39688

July 22, 2024, 4:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

fishaudio/Bert-VITS2

  • 2.3 and earlier

Source

security-advisories@github.com

Tags

security-advisories@github.com
CWE-22
2024-07-22
CVE-2024-39688

CVE-2024-39688 details

Published : July 22, 2024, 4:15 p.m.
Last Modified : July 22, 2024, 4:15 p.m.

Description

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier.

CVSS Score

1 2 3 4 5 6.5 7 8 9 10

Weakness

Weakness Name Description
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.5

Exploitability Score

3.9

Impact Score

2.5

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

URL Source
https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133 security-advisories@github.com
https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L34 security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/ security-advisories@github.com
This website uses the NVD API, but is not approved or certified by it.