PT-2024-28627 · Bert-Vits · Bert-Vits

Sylwia Budzynska · Published 2024-07-22 · Updated 2024-09-11 · CVE-2024-39688

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Bert-VITS2 versions 2.3 and earlier

Description

The issue is related to the data_dir variable: user input is concatenated with other folders and used to open a new file in the generate_config function, leading to a limited file write. This allows writing a /config/config.json file in an arbitrary directory on the server. If a given directory path does not exist, the application returns an error, which could also be used to gain information about existing directories on the server.

Recommendations

For versions 2.3 and earlier, consider restricting access to the generate_config function until a patch is available. As a temporary workaround, avoid using the data_dir variable in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
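
One way to confine the write described above, shown as an added example (it is not Bert-VITS2 code and not a project patch). The function names, the `base_dir` dataset root and the single uniform error are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path


class InvalidDataDir(ValueError):
    """Single error for every rejected data_dir, whatever the cause."""


def resolve_config_path(base_dir, data_dir):
    """Map user-supplied data_dir to <base_dir>/<data_dir>/config/config.json."""
    base = Path(base_dir).resolve()
    # An absolute data_dir replaces base in the join and ".." segments climb
    # out of it; resolve() normalises both (and symlinks) before the check.
    target = (base / data_dir / "config" / "config.json").resolve()
    # Component-wise containment test, so "datasets_old" is not mistaken for
    # a child of "datasets" the way a string-prefix comparison would.
    if not target.is_relative_to(base):  # Python 3.9+
        raise InvalidDataDir("invalid data_dir")
    return target


def write_config(base_dir, data_dir, config):
    """Write config.json only under base_dir; fail with one uniform error."""
    try:
        target = resolve_config_path(base_dir, data_dir)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(json.dumps(config), encoding="utf-8")
    except (OSError, ValueError):
        # Missing directory, permission problem and traversal attempt all
        # look the same to the caller, so errors do not reveal which paths exist.
        raise InvalidDataDir("invalid data_dir") from None
    return target


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample layout
        base = Path(tmp) / "datasets"
        base.mkdir()
        print(write_config(base, "speaker1", {"version": "demo"}))
        for bad in ("../escape", "../datasets_old", str(Path(tmp) / "abs")):
            try:
                write_config(base, bad, {})
            except InvalidDataDir as exc:
                print(repr(bad), "->", exc)
```

Resolving the full target before the containment check addresses the limited file write, and the single error message addresses the directory-existence disclosure noted in the description.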

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-39688

Affected Products

Bert-Vits