Vulnerability Details CVE-2024-32025
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.9%
CVSS Severity
CVSS v3 Score 9.1
References
- https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1
- https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-qprv-9pg5-h33c
- https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss
- https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1
- https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-qprv-9pg5-h33c
- https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss
Products affected by CVE-2024-32025
-
cpe:2.3:a:bmaltais:kohya_ss:22.6.1
-
cpe:2.3:a:bmaltais:kohya_ss:22.6.2
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.0
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.1
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.10
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.11
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.12
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.13
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.14
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.15
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.2
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.3
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.4
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.5
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.6
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.7
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.8
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.9
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.0
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.1
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.15
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.2
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.3
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.5