Sylwia-Budzynska

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the `webui.py` `open slice` function. User-supplied input to `slice opt root` and `slice-inp-path` is concatenated into a command and executed on the server, potentially leading to arbitrary command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. An unsafe deserialization issue exists in the `inference webui.py` file. The application takes user input via the `gpt path` variable and passes it to the `torch.load` function, resulting in unsafe deserialization. The `GPT dropdown` variable receives user input which is then passed to the `change gpt weights` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists due to unsafe deserialization in the vr.py AudioPre module. The `model choose` variable accepts user-supplied input, including a path to a model, and passes it to the uvr function. Within uvr, an instance of the AudioPre class is created, utilizing the user-provided input as the `model path` attribute, with the `.pth` extension appended. The AudioPre class then uses this `model path` to load the model using `torch.load`, which can result in unsafe deserialization. **Recommendations** Versions prior to 20250228v3 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists in `process ckpt.py` due to unsafe deserialization. The `SoVITS dropdown` variable accepts user input, which is then passed to the `load sovits new` function within `process ckpt.py`. The `sovits path` input is used with `torch.load` to load a model, resulting in unsafe deserialization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions prior to 20250228v3 **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the `webui.py` `open asr` function. The `asr inp dir` variable (and other variables) accepts user input, which is then incorporated into a command and executed on the server, potentially allowing for arbitrary command execution. **Recommendations** Versions prior to 20250228v3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists due to unsafe deserialization in the vr.py AudioPreDeEcho component. The `model choose` variable accepts user-supplied input, such as a model path, and transmits it to the uvr function. Within uvr, an instance of the AudioPreDeEcho class is created, utilizing the user input as the `model path` attribute after appending the '.pth' extension. The AudioPreDeEcho class then uses this user input to load a model via `torch.load`, potentially leading to unsafe deserialization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions prior to 20250228v3 **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the `change label` function within the `webui.py` file. The `path list` variable takes user input, which is then incorporated into a command and executed on the server, potentially allowing for arbitrary command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the `webui.py` `open denoise` function. The `denoise inp dir` and `denoise opt dir` parameters accept user input, which is then incorporated into a command and executed on the server, potentially allowing for arbitrary command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT-SoVITS-WebUI versions 20250228v3 and prior **Description** GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A deserialization issue exists in the `bsroformer.py` file. The `model choose` variable accepts user-supplied input, such as a model path, and passes it to the `uvr` function. Within `uvr`, a `Roformer Loader` class instance is created, utilizing the user input as the `model path` attribute after appending the `.ckpt` extension. The `Roformer Loader` class then uses this user-controlled `model path` with `torch.load`, potentially leading to unsafe deserialization. **Recommendations** Versions prior to 20250228v3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The `model choose` variable takes user input, such as a path to a model, and passes it to the `uvr` function in `vr.py`. If `model name` contains the string "DeEcho", a new instance of the `AudioPreDeEcho` class is created with the `model path` attribute containing the user input. In the `AudioPreDeEcho` class, the user input is used to load the model on that path with `torch.load`, which can lead to unsafe deserialization and remote code execution. No known patches exist as of the time of publication. **Recommendations** For versions 2.2.231006 and prior, consider disabling the `uvr` function in `vr.py` or restricting the use of the `model choose` variable to minimize the risk of exploitation until a patch is available. Avoid using the `model path` attribute in the `AudioPreDeEcho` class to load models from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The issue arises from unsafe deserialization. The `ckpt dir` variable takes user input, such as a path to a model, and passes it to the `change info` function in `export.py`. This function uses `torch.load` to load the model from the provided path, which can lead to unsafe deserialization and remote code execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, consider disabling the `change info` function in `export.py` or restricting user input for the `ckpt dir` variable to prevent unsafe deserialization until a patch is available. Avoid using the `ckpt dir` variable in the affected `export.py` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** The issue concerns unsafe deserialization in the Retrieval-based-Voice-Conversion-WebUI voice changing framework, which is based on VITS. The `ckpt path2` variable takes user input, such as a path to a model, and passes it to the `extract small model` function in `process ckpt.py`. This function uses `torch.load` to load the model from the provided path, leading to potential unsafe deserialization and remote code execution. No known patches exist for this issue as of the time of publication. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider restricting the use of the `ckpt path2` variable and the `extract small model` function in `process ckpt.py` to minimize the risk of exploitation. Avoid using the `torch.load` function with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The `ckpt path1` variable takes user input, such as a path to a model, and passes it to the `show info` function in `process ckpt.py`. This function uses `torch.load` to load the model on that path, which can lead to unsafe deserialization and remote code execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider restricting the use of the `ckpt path1` variable and the `show info` function in `process ckpt.py` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The `model choose` variable takes user input, such as a path to a model, and passes it to the `uvr` function in `vr.py`. In `uvr`, a new instance of the `AudioPre` class is created with the `model path` attribute containing the aforementioned user input. In the `AudioPre` class, the user input is used to load the model on that path with `torch.load`, which can lead to unsafe deserialization and remote code execution. As of the time of publication, no known patches exist. **Recommendations** For versions 2.2.231006 and prior, as a temporary workaround, consider disabling the `uvr` function in `vr.py` until a patch is available. Restrict access to the `AudioPre` class to minimize the risk of exploitation. Avoid using the `model choose` variable in the affected code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior **Description** The issue concerns a voice changing framework based on VITS, where unsafe deserialization can occur. The `ckpt a` and `cpkt b` variables take user input, such as a path to a model, and pass it to the `merge` function in `process ckpt.py`. This function uses `torch.load` to load models from the provided paths, which can lead to unsafe deserialization and remote code execution. No known patches exist as of the time of publication. **Recommendations** For versions 2.2.231006 and prior, consider disabling the `merge` function in `process ckpt.py` until a patch is available to prevent unsafe deserialization. Restrict access to the `ckpt a` and `cpkt b` variables to minimize the risk of exploitation. Avoid using the `torch.load` function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Applio versions 3.2.8-bugfix and prior **Description** The issue affects a voice conversion tool and may lead to writing arbitrary files on the server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. The vulnerable component is the `inference.py` file. **Recommendations** For versions 3.2.8-bugfix and prior, as a temporary workaround, consider restricting access to the `inference.py` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Applio versions 3.2.8-bugfix and prior **Description** The issue affects a voice conversion tool and may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. The problem lies in the `export pth` function in train.py. **Recommendations** For versions 3.2.8-bugfix and prior, as a temporary workaround, consider disabling the `export pth` function in train.py until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Applio versions 3.2.8-bugfix and prior **Description** The issue affects a voice conversion tool, allowing for arbitrary file write in the train.py file. This can lead to writing arbitrary files on the server and potentially achieve remote code execution when combined with unsafe deserialization. **Recommendations** For versions 3.2.8-bugfix and prior, as a temporary workaround, consider restricting access to the train.py file until a patch is available. Avoid using the vulnerable function in conjunction with unsafe deserialization to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Applio versions 3.2.8-bugfix and prior **Description** Applio is a voice conversion tool vulnerable to unsafe deserialization in `model blender.py` lines 20 and 21. The functions `model fusion a` and `model fusion b` from `voice blender.py` accept user-supplied input, such as a model path, and pass this value to the `run model blender script` function, which then passes it to the `model blender` function. This function uses `torch.load` in `model blender.py` (lines 20-21) to load models, creating a vulnerability to unsafe deserialization. This issue can lead to remote code execution. **Recommendations** Applio versions prior to 3.2.8-bugfix should be updated to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `model fusion a` and `model fusion b` functions in `voice blender.py` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Applio versions 3.2.8-bugfix and prior **Description** Applio is a voice conversion tool vulnerable to unsafe deserialization in `infer.py`. This issue can lead to remote code execution. A fix was available on the `main` branch of the Applio repository at the time of publication, but it was not attached to a numbered release. **Recommendations** Applio versions prior to 3.2.8-bugfix are affected. Update to a version with the fix available on the `main` branch of the Applio repository.