CVE-2024-32025

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32025
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32025.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32025
Aliases
  • GHSA-qprv-9pg5-h33c
Published
2024-04-16T14:44:21.648Z
Modified
2025-12-05T04:19:17.328645Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Kohya_ss is vulnerable to a command injection in `group_images_gui.py` (`GHSL-2024-021`)
Details

Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass is vulnerable to a command injection in group_images_gui.py. This vulnerability is fixed in 23.1.5.

Database specific 
{
    "cwe_ids": [
        "CWE-77"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32025.json"
}
References

Affected packages

Git / github.com/bmaltais/kohya_ss

Affected ranges

Type
GIT
Repo
https://github.com/bmaltais/kohya_ss
Events
Introduced
6d0a9ba0d2d3fea61d5b0e18e989a34f760d5c61
Fixed
05c6644835951e8b3385c6c1ab39fe6abfc0b3fd

Affected versions

23.*

23.0.4

v22.*

v22.6.1
v22.6.2

v23.*

v23.0.0
v23.0.1
v23.0.10
v23.0.11
v23.0.12
v23.0.13
v23.0.14
v23.0.15
v23.0.2
v23.0.3
v23.0.5
v23.0.6
v23.0.7
v23.0.8
v23.0.9
v23.1.0
v23.1.1
v23.1.2
v23.1.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32025.json"