CVE-2024-32024

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/bmaltais/kohya_ss/commit/25bb1303fff21cb5bae17236d53504e85c1866df
https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-h9fp-j58h-wwrc
https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss

Configurations

No configuration.

History

19 Apr 2024, 16:15

Type	Values Removed	Values Added
References		() https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss -

17 Apr 2024, 12:48

Type	Values Removed	Values Added
Summary		(es) Kohya_ss es una GUI para los entrenadores Stable Diffusion de Kohya. Kohya_ss es vulnerable a una inyección de ruta en la función `common_gui.py` `add_pre_postfix`. Esta vulnerabilidad se solucionó en 23.1.5.

16 Apr 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-16 15:15

Updated : 2024-04-19 16:15

NVD link : CVE-2024-32024

Mitre link : CVE-2024-32024

CVE.ORG link : CVE-2024-32024

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.5 /10