A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/stakira/OpenUtau/commit/849a0a6912aac8b1c28cc32aa1132a3140caff4a | Patch |
https://github.com/stakira/OpenUtau/pull/544 | Patch |
https://github.com/stakira/OpenUtau/releases/tag/build%2F0.0.991 | Release Notes |
https://vuldb.com/?ctiid.217617 | Permissions Required |
https://vuldb.com/?id.217617 | Third Party Advisory |
Configurations
History
21 Mar 2024, 02:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2023, 02:57
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
References | (MISC) https://vuldb.com/?ctiid.217617 - Permissions Required | |
References | (MISC) https://github.com/stakira/OpenUtau/pull/544 - Patch |
20 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
Summary | A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability. |
12 Jan 2023, 18:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:openutau:openutau:*:*:*:*:*:*:*:* | |
First Time |
Openutau
Openutau openutau |
|
References | (MISC) https://github.com/stakira/OpenUtau/releases/tag/build%2F0.0.991 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/stakira/OpenUtau/pull/544 - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://github.com/stakira/OpenUtau/commit/849a0a6912aac8b1c28cc32aa1132a3140caff4a - Patch, Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.217617 - Third Party Advisory | |
References | (MISC) https://vuldb.com/?id.217617 - Third Party Advisory |
07 Jan 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-07 13:15
Updated : 2024-05-17 02:17
NVD link : CVE-2022-4880
Mitre link : CVE-2022-4880
CVE.ORG link : CVE-2022-4880
JSON object : View
Products Affected
openutau
- openutau
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')