Vulnerability Details CVE-2024-32027
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py` This vulnerability is fixed in 23.1.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.1%
CVSS Severity
CVSS v3 Score 9.1
References
- https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1
- https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-8h78-3vqm-xw83
- https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss
- https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1
- https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-8h78-3vqm-xw83
- https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss
Products affected by CVE-2024-32027
-
cpe:2.3:a:bmaltais:kohya_ss:22.6.1
-
cpe:2.3:a:bmaltais:kohya_ss:22.6.2
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.0
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.1
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.10
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.11
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.12
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.13
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.14
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.15
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.2
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.3
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.4
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.5
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.6
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.7
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.8
-
cpe:2.3:a:bmaltais:kohya_ss:23.0.9
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.0
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.1
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.15
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.2
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.3
-
cpe:2.3:a:bmaltais:kohya_ss:23.1.5