CVE-2024-39688

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fish.audio:bert-vits2:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:28

Type Values Removed Values Added
References () https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133 - Issue Tracking () https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133 - Issue Tracking
References () https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L34 - Issue Tracking () https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L34 - Issue Tracking
References () https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/ - Exploit, Third Party Advisory () https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/ - Exploit, Third Party Advisory

11 Sep 2024, 15:41

Type Values Removed Values Added
References () https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133 - () https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133 - Issue Tracking
References () https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L34 - () https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L34 - Issue Tracking
References () https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/ - () https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:fish.audio:bert-vits2:*:*:*:*:*:*:*:*
First Time Fish.audio bert-vits2
Fish.audio

24 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Bert-VITS2 es la columna vertebral de VITS2 con bert multilingüe. La entrada del usuario proporcionada a la variable data_dir se concatena con otras carpetas y se usa para abrir un nuevo archivo en la función generate_config, lo que conduce a una escritura de archivo limitada. El problema permite escribir el archivo /config/config.json en un directorio arbitrario del servidor. Si una ruta de directorio determinada no existe, la aplicación devolverá un error, por lo que esta vulnerabilidad también podría usarse para obtener información sobre directorios existentes en el servidor. Esto afecta a fishaudio/Bert-VITS2 2.3 y versiones anteriores.

22 Jul 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-22 16:15

Updated : 2024-11-21 09:28


NVD link : CVE-2024-39688

Mitre link : CVE-2024-39688

CVE.ORG link : CVE-2024-39688


JSON object : View

Products Affected

fish.audio

  • bert-vits2
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')