CVE-2024-32027

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32027

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32027.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-32027

Aliases

GHSA-8h78-3vqm-xw83

Published

2024-04-16T14:46:24Z

Modified

2025-11-11T03:03:11.955634Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Kohya_ss is vulnerable to a command injection in `finetune_gui.py` (`GHSL-2024-022`)

Details

Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass v22.6.1 is vulnerable to command injection in finetune_gui.py This vulnerability is fixed in 23.1.5.

Database specific

{
    "cwe_ids": [
        "CWE-77"
    ]
}

References

Affected packages

Git / github.com/bmaltais/kohya_ss

Affected ranges

Type: GIT
Repo: https://github.com/bmaltais/kohya_ss
Events: Introduced

6d0a9ba0d2d3fea61d5b0e18e989a34f760d5c61

Fixed

05c6644835951e8b3385c6c1ab39fe6abfc0b3fd

Affected versions

23.*

23.0.4

v22.*

v22.6.1

v22.6.2

v23.*

v23.0.0

v23.0.1

v23.0.10

v23.0.11

v23.0.12

v23.0.13

v23.0.14

v23.0.15

v23.0.2

v23.0.3

v23.0.5

v23.0.6

v23.0.7

v23.0.8

v23.0.9

v23.1.0

v23.1.1

v23.1.2

v23.1.3