Impact
What kind of vulnerability is it? Who is impacted?
This security issue is that the API key for ElevenLabs is stored in the config.json file in the root directory of wherever the program is. This impacts everyone using the software as of v0.5
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has not been patched yet. The problem will be patched before v1.0
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
A workaround is just to not share your config.json, as long as you do not show anyone, share, and nobody has or had access to your config.json file, you are safe.
If you know, or are suspicious of anyone having your API key, please visit the ElevenLabs App website, sign in, click on your profile on the bottom left, press "Profile + API key" and click on the circle with arrows icon to randomly generate a new API key. After that, go to where you installed the program (if you used the installer default location should be in "C:\Program Files\VC1") and delete the config.json file. After that, you should be able to use the program and enter your new API key and use the program normally.
References
Are there any links users can visit to find out more?
To find out what people can do with your ElevenLabs API key and to see how dangerous this is, you may visit their API Reference site.
Impact
What kind of vulnerability is it? Who is impacted?
This security issue is that the API key for ElevenLabs is stored in the config.json file in the root directory of wherever the program is. This impacts everyone using the software as of v0.5
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has not been patched yet. The problem will be patched before v1.0
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
A workaround is just to not share your config.json, as long as you do not show anyone, share, and nobody has or had access to your config.json file, you are safe.
If you know, or are suspicious of anyone having your API key, please visit the ElevenLabs App website, sign in, click on your profile on the bottom left, press "Profile + API key" and click on the circle with arrows icon to randomly generate a new API key. After that, go to where you installed the program (if you used the installer default location should be in "C:\Program Files\VC1") and delete the config.json file. After that, you should be able to use the program and enter your new API key and use the program normally.
References
Are there any links users can visit to find out more?
To find out what people can do with your ElevenLabs API key and to see how dangerous this is, you may visit their API Reference site.