
5 matches found

CVE
added 2025/03/20 10:8 a.m., 42 views

CVE-2024-12374

CVE-2024-12374 : Stored XSS in automatic1111/stable-diffusion-webui (git 82a973c). An attacker can upload an HTML file that the app treats as content-type application/html; when a victim visits the malicious link, arbitrary JavaScript runs in the browser. Connected documents confirm the vulnerabi...

CVSS 6.1, AI score 6, EPSS 0.00367
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2025/03/20 12:0 a.m., 2 views

Stable Diffusion web UI resource management error vulnerability

Stable Diffusion web UI is a web interface for AUTOMATIC1111 individual developers. A resource management error vulnerability exists in Stable Diffusion web UI version 1.10.0, which stems from improper handling of form-data in a file upload request and could lead to a denial of service attack...

CVSS 6.5, AI score 6.5, EPSS 0.00721
Exploits: 1, References: 1
Prion
added 2023/10/22 10:15 p.m., 16 views

Authentication flaw

The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...

CVSS 5, AI score 7.6, EPSS 0.00572
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2023/10/22 12:0 a.m., 9 views

CVE-2023-46315

The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...

AI score 7.1, EPSS 0.00572
Exploits: 0, References: 2
CVE
added 2023/10/22 12:0 a.m., 47 views

CVE-2023-46315

The CVE-2023-46315 issue affects the sd-webui-infinite-image-browsing extension for stable-diffusion-webui up to version 977815a. If Gradio authentication is enabled without a secret key, an unauthenticated remote attacker can read local files via the /file?path= endpoint, with demonstrations inc...

CVSS 7.5, AI score 7.5, EPSS 0.00572
Exploits: 0, References: 2, Affected Software: 1