CVE-2024-32027

Description

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py` This vulnerability is fixed in 23.1.5.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected products

bmaltais / kohya_ss>= 22.6.1, < 23.1.5 – >= 22.6.1, < 23.1.5

References

VENDOR_ADVISORYhttps://github.com/bmaltais/kohya_ss/security/advisories/GHSA-8h78-3vqm-xw83
PATCHhttps://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1
VENDOR_ADVISORYhttps://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss