Kohya_ss Vulnerable to Path Injection in `common_gui.py` Function
CVE-2024-32024

6.5MEDIUM

Key Information:

Vendor

Bmaltais

Status
Kohya Ss
Vendor
CVE Published:
16 April 2024

What is CVE-2024-32024?

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the common_gui.py add_pre_postfix function. This vulnerability is fixed in 23.1.5.

Affected Version(s)

kohya_ss >= 22.6.1, < 23.1.5

References

https://github.com/bmaltais/kohya_ss/security/advisories/...
x_refsource_CONFIRM
https://github.com/bmaltais/kohya_ss/commit/25bb1303fff21...
x_refsource_MISC
https://securitylab.github.com/advisories/GHSL-2024-019_G...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.