CVE-2024-10821

🗓️ 20 Mar 2025 10:09:17Reported by @huntr_aiType

cve🔗 web.nvd.nist.gov👁 37 Views🌐 WEB

Denial of Service vulnerability in Invoke-AI server allows unauthenticated attacks causing resource exhaustion.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-10821	20 May 202603:00	–	circl
CNNVD	Invoke 资源管理错误漏洞	20 Mar 202500:00	–	cnnvd
Cvelist	CVE-2024-10821 Denial of Service (DoS) in invoke-ai/invokeai	20 Mar 202510:09	–	cvelist
EUVD	EUVD-2025-7093	3 Oct 202520:07	–	euvd
Github Security Blog	InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`	20 Mar 202512:32	–	github
NVD	CVE-2024-10821	20 Mar 202510:15	–	nvd
OSV	GHSA-6F6X-F56Q-5XGV InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`	20 Mar 202512:32	–	osv
RedhatCVE	CVE-2024-10821	22 Mar 202512:02	–	redhatcve
Snyk	Denial of Service (DoS)	20 Mar 202512:32	–	snyk
Vulnrichment	CVE-2024-10821 Denial of Service (DoS) in invoke-ai/invokeai	20 Mar 202510:09	–	vulnrichment

[
  {
    "vendor": "invoke-ai",
    "product": "invoke-ai/invokeai",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/0ac24835-c4c0-4f11-938a-d5641dfb80b2

Parameter	Position	Path	Description	CWE
Content-Type	header	/api/v1/images/upload	DoS via crafted multipart boundary causing excessive resource consumption/infinite loop during boundary processing	CWE-835

15 Apr 2026 00:35Current

7.5High risk

Vulners AI Score7.5

CVSS 37.5

EPSS0.00059

SSVC

CWE-835