Yu Ishibashi

**Name of the Vulnerable Software and Affected Versions** UTAU versions prior to v0.4.19 **Description** An OS command injection issue exists, allowing the execution of arbitrary OS commands if a user opens a crafted UTAU project file (.ust file). **Recommendations** For versions prior to v0.4.19, update to version v0.4.19 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted UTAU project files (.ust files) until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** UTAU versions prior to v0.4.19 **Description** A path traversal issue exists, allowing an arbitrary file to be placed if a user installs a crafted UTAU voicebank installer, such as a .uar or .zip file, to UTAU. **Recommendations** For versions prior to v0.4.19, update to version v0.4.19 or later to resolve the issue. As a temporary workaround, consider avoiding the installation of untrusted UTAU voicebank installers until the issue is resolved.