CVE-2024-32024

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32024

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32024.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-32024

Aliases

GHSA-h9fp-j58h-wwrc

Published

2024-04-16T14:42:20Z

Modified

2025-10-22T18:41:59.654691Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Kohya_ss vulenrable to path injection in `common_gui.py` `add_pre_postfix` function (`GHSL-2024-023`)

Details

Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass is vulnerable to a path injection in the common_gui.py add_pre_postfix function. This vulnerability is fixed in 23.1.5.

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ]
}

References

Affected packages

Git / github.com/bmaltais/kohya_ss

Affected ranges

Type: GIT
Repo: https://github.com/bmaltais/kohya_ss
Events: Introduced

6d0a9ba0d2d3fea61d5b0e18e989a34f760d5c61

Fixed

05c6644835951e8b3385c6c1ab39fe6abfc0b3fd

Affected versions

23.*

23.0.4

v22.*

v22.6.1

v22.6.2

v23.*

v23.0.0

v23.0.1

v23.0.10

v23.0.11

v23.0.12

v23.0.13

v23.0.14

v23.0.15

v23.0.2

v23.0.3

v23.0.5

v23.0.6

v23.0.7

v23.0.8

v23.0.9

v23.1.0

v23.1.1

v23.1.2

v23.1.3