CVE-2024-32022

CRITICAL

Kohya_ss - Command Injection

Title source: llm

Description

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5.

Exploits (1)

nomisec STUB 2 stars
by sylwia-budzynska · poc
https://github.com/sylwia-budzynska/codeql-workshop

References (3)

Scores

CVSS v3 9.1
EPSS 0.0296
EPSS Percentile 86.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-77
Status published
Products (1)
bmaltais/kohya_ss 22.6.1 - 23.1.15
Published Apr 16, 2024
Tracked Since Feb 18, 2026