Vulnerabilities related to invoke-ai - invoke-ai/invokeai
cve-2024-10821
Vulnerability from cvelistv5
Published: 2025-03-20 10:09
Modified: 2025-03-20 18:56
Summary
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. The affected endpoint is `/api/v1/images/upload`.
Impacted products
Vendor | Product | Version
---|---|---
invoke-ai | invoke-ai/invokeai | Version: unspecified <
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-10821", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T17:54:11.153977Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T18:56:48.412Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "invoke-ai/invokeai", vendor: "invoke-ai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. 
The affected endpoint is `/api/v1/images/upload`.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:09:17.805Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/0ac24835-c4c0-4f11-938a-d5641dfb80b2", }, ], source: { advisory: "0ac24835-c4c0-4f11-938a-d5641dfb80b2", discovery: "EXTERNAL", }, title: "Denial of Service (DoS) in invoke-ai/invokeai", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-10821", datePublished: "2025-03-20T10:09:17.805Z", dateReserved: "2024-11-04T19:29:23.652Z", dateUpdated: "2025-03-20T18:56:48.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12029
Vulnerability from cvelistv5
Published: 2025-03-20 10:08
Modified: 2025-03-20 14:33
Summary
A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious code in model files, which is executed upon loading. This issue is fixed in version 5.4.3.
Impacted products
Vendor | Product | Version
---|---|---
invoke-ai | invoke-ai/invokeai | Version: unspecified < 5.4.3
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12029", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T14:32:34.599806Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T14:33:03.024Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://huntr.com/bounties/9b790f94-1b1b-4071-bc27-78445d1a87a3", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "invoke-ai/invokeai", vendor: "invoke-ai", versions: [ { lessThan: "5.4.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious code in model files, which is executed upon loading. 
This issue is fixed in version 5.4.3.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:08:45.570Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/9b790f94-1b1b-4071-bc27-78445d1a87a3", }, { url: "https://github.com/invoke-ai/invokeai/commit/756008dc5899081c5aa51e5bd8f24c1b3975a59e", }, ], source: { advisory: "9b790f94-1b1b-4071-bc27-78445d1a87a3", discovery: "EXTERNAL", }, title: "Remote Code Execution via Model Deserialization in invoke-ai/invokeai", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-12029", datePublished: "2025-03-20T10:08:45.570Z", dateReserved: "2024-12-02T15:06:57.890Z", dateUpdated: "2025-03-20T14:33:03.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11042
Vulnerability from cvelistv5
Published: 2025-03-20 10:08
Modified: 2025-03-20 19:01
Summary
In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. This can impact the integrity and availability of applications relying on these files.
Impacted products
Vendor | Product | Version
---|---|---
invoke-ai | invoke-ai/invokeai | Version: unspecified < 5.3.0
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11042", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T17:54:43.743170Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T19:01:26.093Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "invoke-ai/invokeai", vendor: "invoke-ai", versions: [ { lessThan: "5.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. 
This can impact the integrity and availability of applications relying on these files.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:08:52.134Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/635535a7-c804-4789-ac3a-48d951263987", }, { url: "https://github.com/invoke-ai/invokeai/commit/5440c037674882b2ab7acd59087e9bb04b49657a", }, ], source: { advisory: "635535a7-c804-4789-ac3a-48d951263987", discovery: "EXTERNAL", }, title: "Arbitrary File Delete in invoke-ai/invokeai", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-11042", datePublished: "2025-03-20T10:08:52.134Z", dateReserved: "2024-11-09T05:38:31.798Z", dateUpdated: "2025-03-20T19:01:26.093Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11043
Vulnerability from cvelistv5
Published: 2025-03-20 10:11
Modified: 2025-03-20 13:32
Summary
A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload, the UI becomes unresponsive, rendering it impossible for users to interact with or manage the affected board. Additionally, the option to delete the board becomes inaccessible, amplifying the severity of the issue.
Impacted products
Vendor | Product | Version
---|---|---
invoke-ai | invoke-ai/invokeai | Version: unspecified <
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11043", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T13:32:44.068715Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T13:32:48.412Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://huntr.com/bounties/9270900a-b8b7-402f-aee5-432d891e5648", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "invoke-ai/invokeai", vendor: "invoke-ai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload, the UI becomes unresponsive, rendering it impossible for users to interact with or manage the affected board. 
Additionally, the option to delete the board becomes inaccessible, amplifying the severity of the issue.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:11:14.925Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/9270900a-b8b7-402f-aee5-432d891e5648", }, ], source: { advisory: "9270900a-b8b7-402f-aee5-432d891e5648", discovery: "EXTERNAL", }, title: "Denial of Service (DoS) via Large Payload in Board Name Field in invoke-ai/invokeai", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-11043", datePublished: "2025-03-20T10:11:14.925Z", dateReserved: "2024-11-09T06:12:15.499Z", dateUpdated: "2025-03-20T13:32:48.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }