← back
CVE-2024-32022

Kohya_ss is vulnerable to a command injection in basic_caption_gui.py (GHSL-2024-019)

CVSS 9.1 CRITICALEPSS 3.1%CWE-77
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
bmaltais · kohya_ss
public PoCs found1
githubgithub.com/sylwia-budzynska/codeql-workshop10
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-m6jq-7j4v-2fg3https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss