CVE-2024-32024

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32024
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32024.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32024
Aliases
  • GHSA-h9fp-j58h-wwrc
Published
2024-04-16T14:42:20.969Z
Modified
2025-12-05T04:19:19.293570Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Kohya_ss vulenrable to path injection in `common_gui.py` `add_pre_postfix` function (`GHSL-2024-023`)
Details

Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass is vulnerable to a path injection in the common_gui.py add_pre_postfix function. This vulnerability is fixed in 23.1.5.

Database specific 
{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32024.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/bmaltais/kohya_ss

Affected ranges

Type
GIT
Repo
https://github.com/bmaltais/kohya_ss
Events
Introduced
6d0a9ba0d2d3fea61d5b0e18e989a34f760d5c61
Fixed
05c6644835951e8b3385c6c1ab39fe6abfc0b3fd

Affected versions

23.*

23.0.4

v22.*

v22.6.1
v22.6.2

v23.*

v23.0.0
v23.0.1
v23.0.10
v23.0.11
v23.0.12
v23.0.13
v23.0.14
v23.0.15
v23.0.2
v23.0.3
v23.0.5
v23.0.6
v23.0.7
v23.0.8
v23.0.9
v23.1.0
v23.1.1
v23.1.2
v23.1.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32024.json"