CVE-2024-32024

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 16, 2024

Updated: Apr 19, 2024

CWE ID 22

Summary

CVE-2024-32024 is a newly identified vulnerability affecting the Kohya_ss GUI for Kohya's Stable Diffusion trainers. The issue resides in the `common_gui.py` file's `add_pre_postfix` function, which is susceptible to a path injection attack. This vulnerability allows an attacker to manipulate file paths, potentially leading to unintended code execution or data access. The vulnerability has been remedied in version 23.1.5. Users are strongly advised to update their software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vUyd99
https://www.cve.org/CVERecord?id=CVE-2024-32024
https://nvd.nist.gov/vuln/detail/CVE-2024-32024

Back to Vulnerability Database

CVE-2024-32024

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations