CVE-2022-4880

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-4880
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4880.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-4880
Published
2023-01-07T13:15:09Z
Modified
2025-01-08T14:32:48.828256Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability.

References

Affected packages

Git / github.com/stakira/openutau

Affected ranges

Type
GIT
Repo
https://github.com/stakira/openutau
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

OpenUtau-Latest

build/0.*

build/0.0.923
build/0.0.929
build/0.0.932
build/0.0.935
build/0.0.938
build/0.0.939
build/0.0.941
build/0.0.942
build/0.0.945
build/0.0.949
build/0.0.951
build/0.0.965
build/0.0.969
build/0.0.970
build/0.0.976
build/0.0.979
build/0.0.981