A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function
onSpeechDone
of the file app.js. The manipulation leads to os command injection.
This vulnerability was named CVE-2019-25158. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.