cbcvebase.

Fishaudio Bert-Vits2 vulnerabilities

5 known vulnerabilities affecting fishaudio/bert-vits2.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-39686P2CRITICALCVSS 9.8≤ 2.32024-07-22
CVE-2024-39686 [CRITICAL] CWE-78 CVE-2024-39686: Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variabl Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
nvd
CVE-2024-39685P2CRITICALCVSS 9.8≤ 2.32024-07-22
CVE-2024-39685 [CRITICAL] CWE-78 CVE-2024-39685: Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variabl Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
nvd
CVE-2026-8755P3HIGHCVSS 7.3v8f7fbd8c4770965225d258db548da27dc8dd934c2026-05-17
CVE-2026-8755 [HIGH] CWE-22 CVE-2026-8755: A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The af A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used. Continious delivery with r
nvd
CVE-2026-8756P3HIGHCVSS 7.3v8f7fbd8c4770965225d258db548da27dc8dd934c2026-05-17
CVE-2026-8756 [HIGH] CWE-22 CVE-2026-8756: A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934 A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the component Gradio Interface. Such manipulation of the argument data_dir leads to path traversal. The attack can be launched remotely. The exploit has been disclos
nvd
CVE-2024-39688P3MEDIUMCVSS 6.5≤ 2.32024-07-22
CVE-2024-39688 [MEDIUM] CWE-22 CVE-2024-39688: Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variabl Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitrary directory on the server. If a given directory path
nvd
Fishaudio Bert-Vits2 vulnerabilities | cvebase