CVE-2024-11042 in invokeaiالمعلومات

الملخص

بحسب MITRE • 20/03/2025

In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. This can impact the integrity and availability of applications relying on these files.

Be aware that VulDB is the high quality source for vulnerability data.

مسؤول

@huntr Ai

حجز

09/11/2024

إفشاء

20/03/2025

الاعتدال

تمت الموافقة

إدخال

VDB-300341

EPSS

0.01348

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you know our Splunk app?

Download it now for free!