78 matches found
CVE-2024-32027
Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass v22.6.1 is vulnerable to command injection in finetunegui.py This vulnerability is fixed in 23.1.5...
CVE-2024-32027 Kohya_ss is vulnerable to a command injection in `finetune_gui.py` (`GHSL-2024-022`)
Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass v22.6.1 is vulnerable to command injection in finetunegui.py This vulnerability is fixed in 23.1.5...
CVE-2024-32027 Kohya_ss is vulnerable to a command injection in `finetune_gui.py` (`GHSL-2024-022`)
Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass v22.6.1 is vulnerable to command injection in finetunegui.py This vulnerability is fixed in 23.1.5...
CVE-2024-32025 Kohya_ss is vulnerable to a command injection in `group_images_gui.py` (`GHSL-2024-021`)
Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass is vulnerable to a command injection in groupimagesgui.py. This vulnerability is fixed in 23.1.5...
CVE-2024-32024 Kohya_ss vulenrable to path injection in `common_gui.py` `add_pre_postfix` function (`GHSL-2024-023`)
Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass is vulnerable to a path injection in the commongui.py addprepostfix function. This vulnerability is fixed in 23.1.5...
CVE-2024-31462
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...
CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...
CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...
CVE-2024-31462
The CVE-2024-31462 entry concerns stable-diffusion-webui (v1.7.0) with a limited file write vulnerability. The root cause is in the create_ui function (Backup/Restore tab) within modules/ui_extensions.py, where user input is captured into config_save_name and later used to form a file path that i...
CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...
PT-2024-24093 · Unknown · Stable-Diffusion-Webui
Name of the Vulnerable Software and Affected Versions: stable-diffusion-webui version 1.7.0 Description: The issue is related to a limited file write affecting Windows systems. It occurs in the create ui method Backup/Restore tab in modules/ui extensions.py, where user input is taken into the...
Stable Diffusion web UI 安全漏洞
Stable Diffusion web UI is a web interface by the individual developer of AUTOMATIC1111. A security vulnerability exists in Stable Diffusion web UI version 1.7.0, which stems from the presence of a file write vulnerability. An attacker can exploit the vulnerability to write a json file anywhere t...
Stable Diffusion WebUI Remote Command Execution Vulnerability
Stable Diffusion WebUI is an AI image processing tool developed by AUTOMATIC1111 based on the Stable Diffusion AI model, which supports file creation and image creation. A remote command execution vulnerability in Stable Diffusion WebUI, which is caused by not filtering user input when installing...
CVE-2023-46315
The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...
CVE-2023-46315
The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...
Authentication flaw
The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...
CVE-2023-46315
The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...
CVE-2023-46315
The CVE-2023-46315 issue affects the sd-webui-infinite-image-browsing extension for stable-diffusion-webui up to version 977815a. If Gradio authentication is enabled without a secret key, an unauthenticated remote attacker can read local files via the /file?path= endpoint, with demonstrations inc...