CVE-2024-11043

🗓️ 20 Mar 2025 10:11:14Reported by @huntr_aiType

cve🔗 web.nvd.nist.gov👁 37 Views🌐 WEB

Denial of Service vulnerability in invoke-ai v5.0.2 affects board management endpoint.

Reporter	Title	Published	Views	Family All 9
CNNVD	Invoke 安全漏洞	20 Mar 202500:00	–	cnnvd
Cvelist	CVE-2024-11043 Denial of Service (DoS) via Large Payload in Board Name Field in invoke-ai/invokeai	20 Mar 202510:11	–	cvelist
EUVD	EUVD-2025-7057	3 Oct 202520:07	–	euvd
Github Security Blog	InvokeAI Uncontrolled Resource Consumption vulnerability	20 Mar 202512:32	–	github
NVD	CVE-2024-11043	20 Mar 202510:15	–	nvd
OSV	GHSA-FFH5-W482-C7M5 InvokeAI Uncontrolled Resource Consumption vulnerability	20 Mar 202512:32	–	osv
RedhatCVE	CVE-2024-11043	22 Mar 202511:37	–	redhatcve
Snyk	Denial of Service (DoS)	20 Mar 202512:32	–	snyk
Vulnrichment	CVE-2024-11043 Denial of Service (DoS) via Large Payload in Board Name Field in invoke-ai/invokeai	20 Mar 202510:11	–	vulnrichment

[
  {
    "vendor": "invoke-ai",
    "product": "invoke-ai/invokeai",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/9270900a-b8b7-402f-aee5-432d891e5648

Parameter	Position	Path	Description	CWE
board_name	request body	/api/v1/boards/{board_id}	DoS via oversized payload in PATCH to /api/v1/boards/{board_id} causing UI to become unresponsive and delete option to be inaccessible.	CWE-400

15 Apr 2026 00:35Current

7.5High risk

Vulners AI Score7.5

CVSS 37.5

EPSS0.00203

SSVC

CWE-400