CVE-2024-11042 in invokeaiinformação

Sumário

de MITRE • 20/03/2025

In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. This can impact the integrity and availability of applications relying on these files.

Be aware that VulDB is the high quality source for vulnerability data.

Responsável

@huntr Ai

Reservar

09/11/2024

Divulgação

20/03/2025

Moderação

aceite

Entrada

VDB-300341

CPE

pronto

EPSS

0.01348

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!