Sylwia Budzynska

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions prior to 20250228v3 **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the `change label` function within the `webui.py` file. The `path list` variable takes user input, which is then incorporated into a command and executed on the server, potentially allowing for arbitrary command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the `webui.py` `open slice` function. User-supplied input to `slice opt root` and `slice-inp-path` is concatenated into a command and executed on the server, potentially leading to arbitrary command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions prior to 20250228v3 **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the `webui.py` `open asr` function. The `asr inp dir` variable (and other variables) accepts user input, which is then incorporated into a command and executed on the server, potentially allowing for arbitrary command execution. **Recommendations** Versions prior to 20250228v3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A deserialization issue exists in the `bsroformer.py` file. The `model choose` variable accepts user-supplied input, such as a model path, and passes it to the `uvr` function. Within `uvr`, a `Roformer Loader` class instance is created, utilizing the user input as the `model path` attribute after appending the `.ckpt` extension. The `Roformer Loader` class then uses this user-controlled `model path` with `torch.load`, potentially leading to unsafe deserialization. **Recommendations** Versions prior to 20250228v3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. An unsafe deserialization issue exists in the `inference webui.py` file. The application takes user input via the `gpt path` variable and passes it to the `torch.load` function, resulting in unsafe deserialization. The `GPT dropdown` variable receives user input which is then passed to the `change gpt weights` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists due to unsafe deserialization in the vr.py AudioPre module. The `model choose` variable accepts user-supplied input, including a path to a model, and passes it to the uvr function. Within uvr, an instance of the AudioPre class is created, utilizing the user-provided input as the `model path` attribute, with the `.pth` extension appended. The AudioPre class then uses this `model path` to load the model using `torch.load`, which can result in unsafe deserialization. **Recommendations** Versions prior to 20250228v3 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the `webui.py` `open denoise` function. The `denoise inp dir` and `denoise opt dir` parameters accept user input, which is then incorporated into a command and executed on the server, potentially allowing for arbitrary command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists in `process ckpt.py` due to unsafe deserialization. The `SoVITS dropdown` variable accepts user input, which is then passed to the `load sovits new` function within `process ckpt.py`. The `sovits path` input is used with `torch.load` to load a model, resulting in unsafe deserialization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists due to unsafe deserialization in the vr.py AudioPreDeEcho component. The `model choose` variable accepts user-supplied input, such as a model path, and transmits it to the uvr function. Within uvr, an instance of the AudioPreDeEcho class is created, utilizing the user input as the `model path` attribute after appending the '.pth' extension. The AudioPreDeEcho class then uses this user input to load a model via `torch.load`, potentially leading to unsafe deserialization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** The issue concerns a voice changing framework based on VITS, where unsafe deserialization can occur. The `ckpt a` and `cpkt b` variables take user input, such as a path to a model, and pass it to the `merge` function in `process ckpt.py`. This function uses `torch.load` to load models from the provided paths, which can lead to unsafe deserialization and remote code execution. No known patches exist as of the time of publication. **Recommendations** For versions 2.2.231006 and prior, consider disabling the `merge` function in `process ckpt.py` until a patch is available to prevent unsafe deserialization. Restrict access to the `ckpt a` and `cpkt b` variables to minimize the risk of exploitation. Avoid using the `torch.load` function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The issue arises from unsafe deserialization. The `ckpt dir` variable takes user input, such as a path to a model, and passes it to the `change info` function in `export.py`. This function uses `torch.load` to load the model from the provided path, which can lead to unsafe deserialization and remote code execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, consider disabling the `change info` function in `export.py` or restricting user input for the `ckpt dir` variable to prevent unsafe deserialization until a patch is available. Avoid using the `ckpt dir` variable in the affected `export.py` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The `ckpt path1` variable takes user input, such as a path to a model, and passes it to the `show info` function in `process ckpt.py`. This function uses `torch.load` to load the model on that path, which can lead to unsafe deserialization and remote code execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider restricting the use of the `ckpt path1` variable and the `show info` function in `process ckpt.py` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** The issue concerns unsafe deserialization in the Retrieval-based-Voice-Conversion-WebUI voice changing framework, which is based on VITS. The `ckpt path2` variable takes user input, such as a path to a model, and passes it to the `extract small model` function in `process ckpt.py`. This function uses `torch.load` to load the model from the provided path, leading to potential unsafe deserialization and remote code execution. No known patches exist for this issue as of the time of publication. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider restricting the use of the `ckpt path2` variable and the `extract small model` function in `process ckpt.py` to minimize the risk of exploitation. Avoid using the `torch.load` function with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The `model choose` variable takes user input, such as a path to a model, and passes it to the `uvr` function in `vr.py`. In `uvr`, a new instance of the `AudioPre` class is created with the `model path` attribute containing the aforementioned user input. In the `AudioPre` class, the user input is used to load the model on that path with `torch.load`, which can lead to unsafe deserialization and remote code execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider disabling the `uvr` function in `vr.py` until a patch is available. Restrict access to the `AudioPre` class to minimize the risk of exploitation. Avoid using the `model choose` variable in the affected code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The `ckpt path2` variable takes user input, such as a path to a model, and passes it to the `change info ` function. This function opens and reads the file on the given path, changing the final part of the path to `train.log`, and then passes the contents of the file to `eval`, which can lead to remote code execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider restricting the input to the `ckpt path2` variable to prevent malicious paths from being passed to the `change info ` function. Additionally, avoid using the `eval` function with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The variables `exp dir1`, `np7`, `trainset dir4`, and `sr2` take user input and pass it to the `preprocess dataset` function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of the time of publication, no known patches exist. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The variables `exp dir1`, among others, take user input and pass it to the `click train` function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider restricting the input to the `exp dir1` variable and other similar variables to prevent malicious commands from being executed. Additionally, restrict access to the `click train` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The variables `exp dir1`, `np7`, and `f0method8` take user input and pass it into the `extract f0 feature` function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider restricting the input to the variables `exp dir1`, `np7`, and `f0method8` to prevent malicious commands from being executed. Additionally, consider disabling the `extract f0 feature` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The `ckpt path0` variable takes user input, such as a path to a model, and passes it to the `change info` function in `process ckpt.py`. This function uses `torch.load` to load the model on that path, which can lead to unsafe deserialization and remote code execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider restricting the input to the `ckpt path0` variable to prevent unsafe deserialization. Additionally, avoid using the `change info` function in `process ckpt.py` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The `model choose` variable takes user input, such as a path to a model, and passes it to the `uvr` function in `vr.py`. If `model name` contains the string "DeEcho", a new instance of the `AudioPreDeEcho` class is created with the `model path` attribute containing the user input. In the `AudioPreDeEcho` class, the user input is used to load the model on that path with `torch.load`, which can lead to unsafe deserialization and remote code execution. No known patches exist as of the time of publication. **Recommendations** For versions 2.2.231006 and prior, consider disabling the `uvr` function in `vr.py` or restricting the use of the `model choose` variable to minimize the risk of exploitation until a patch is available. Avoid using the `model path` attribute in the `AudioPreDeEcho` class to load models from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.