CVE-2024-32024

Description

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

bmaltais / kohya_ss>= 22.6.1, < 23.1.5 – >= 22.6.1, < 23.1.5

References

VENDOR_ADVISORYhttps://github.com/bmaltais/kohya_ss/security/advisories/GHSA-h9fp-j58h-wwrc
PATCHhttps://github.com/bmaltais/kohya_ss/commit/25bb1303fff21cb5bae17236d53504e85c1866df
VENDOR_ADVISORYhttps://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss