Digital Avatar Conversational System - Linly-Talker. 😄✨ Linly-Talker is an intelligent AI system that combines large language models (LLMs) with visual models to create a novel human-AI interaction method. 🤝🤖 It integrates various technologies like Whisper, Linly, Microsoft Speech Services, and SadTalker talking head generation system. 🌟🔬
Code injection could happen via environment variable.
In code here, it directly eval the value from environment variable. A malicous local actor could set something like export is_half='os.system("touch rickroll")' to execute arbitrary commands. It would be better to use ast.literal_eval here.
For ref, this issue is similar to CVE-2022-2054.
Code injection could happen via environment variable. In code here, it directly eval the value from environment variable. A malicous local actor could set something like
export is_half='os.system("touch rickroll")'
to execute arbitrary commands. It would be better to useast.literal_eval
here. For ref, this issue is similar to CVE-2022-2054.