CVE-2019-1010200

Name of the Vulnerable Software and Affected Versions: Voice Builder versions prior to commit f6660e6d8f0d1d931359d591dbdec580fef36d36

Description: The issue affects two web servers in the project, exposing three vulnerable endpoints that can be accessed remotely, specifically at "/tts" and "/alignment". An attacker can send a GET request to the vulnerable endpoint with a specially formatted query parameter, potentially leading to remote code execution with the same privileges as the servers.

Recommendations: For versions prior to commit f6660e6d8f0d1d931359d591dbdec580fef36d36, update to a version after commit f6660e6d8f0d1d931359d591dbdec580fef36d36 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints "/tts" and "/alignment" to minimize the risk of exploitation.