Homepage

invokeai@4.0.0 vulnerabilities

An implementation of Stable Diffusion which provides various new features and options to aid the image generation process

  • latest version

    5.10.1

  • first published

    2 years ago

  • latest version published

    11 hours ago

  • licenses detected

  • View invokeai package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the invokeai package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Denial of Service (DoS)

    InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the board_name field during a PATCH request to the /api/v1/boards/{board_id} endpoint. An attacker can cause the UI to become unresponsive, preventing users from interacting with or managing the affected board by sending an excessively large payload.

    How to fix Denial of Service (DoS)?

    There is no fixed version for InvokeAI.

    [0,)
    • H
    Denial of Service (DoS)

    InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the multipart request boundary processing mechanism. An attacker can cause excessive resource consumption and trigger an infinite loop, leading to a complete denial of service for all users by appending excessive characters to the end of multipart boundaries.

    How to fix Denial of Service (DoS)?

    There is no fixed version for InvokeAI.

    [0,)
    • H
    Directory Traversal

    InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process

    Affected versions of this package are vulnerable to Directory Traversal through the web API POST /api/v1/images/delete. An attacker can delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files, by sending a crafted request to the endpoint.

    How to fix Directory Traversal?

    Upgrade InvokeAI to version 5.3.0rc1 or higher.

    [,5.3.0rc1)
    Go back to all versions of this package