GHSA-ffh5-w482-c7m5

Source

https://github.com/advisories/GHSA-ffh5-w482-c7m5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-ffh5-w482-c7m5/GHSA-ffh5-w482-c7m5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-ffh5-w482-c7m5

Aliases

CVE-2024-11043

Published

2025-03-20T12:32:41Z

Modified

2025-03-21T16:43:08.716050Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

InvokeAI Uncontrolled Resource Consumption vulnerability

Details

A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{boardid} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes unresponsive, rendering it impossible for users to interact with or manage the affected board. Additionally, the option to delete the board becomes inaccessible, amplifying the severity of the issue.

Database specific

{
    "nvd_published_at": "2025-03-20T10:15:23Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ],
    "github_reviewed_at": "2025-03-21T16:31:27Z"
}

References

Affected packages

PyPI / invokeai

Package

Name: invokeai; View open source insights on deps.dev
Purl: pkg:pypi/invokeai

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.0.2

Affected versions

2.*

2.2.4.5

2.2.4.6

2.2.4.7

2.2.5

2.3.0a0

2.3.0a1

2.3.0a2

2.3.0a3

2.3.0rc3

2.3.0rc4

2.3.0rc5

2.3.0rc6

2.3.0rc7

2.3.0

2.3.1rc4

2.3.1

2.3.1.post1

2.3.1.post2

2.3.2

2.3.2.post1

2.3.3rc1

2.3.3

2.3.4a0

2.3.4rc1

2.3.4

2.3.4.post1

2.3.5rc1

2.3.5

2.3.5.post1

2.3.5.post2

3.*

3.0.0

3.0.1rc1

3.0.1rc2

3.0.1

3.0.1.post1

3.0.1.post2

3.0.1.post3

3.0.2a1

3.0.2rc1

3.0.2

3.0.2.post1

3.1.0

3.1.1rc1

3.1.1

3.2.0

3.3.0

3.3.0.post1

3.3.0.post2

3.3.0.post3

3.4.0rc2

3.4.0rc3

3.4.0rc4

3.4.0

3.4.0.post1

3.4.0.post2

3.5.0rc1

3.5.0rc2

3.5.0rc3

3.5.0

3.5.1

3.6.0rc1

3.6.0rc2

3.6.0rc3

3.6.0rc4

3.6.0rc5

3.6.0rc6

3.6.0

3.6.1

3.6.2

3.6.3rc1

3.6.3

3.7.0

4.*

4.0.0rc1

4.0.0rc2

4.0.0rc4

4.0.0rc5

4.0.0rc6

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.1.0

4.2.0a1

4.2.0a2

4.2.0a3

4.2.0a4

4.2.0b1

4.2.0b2

4.2.0

4.2.1

4.2.2

4.2.2.post1

4.2.3

4.2.4

4.2.5

4.2.6a1

4.2.6rc1

4.2.6

4.2.6.post1

4.2.7rc1

4.2.7

4.2.7.post1

4.2.8rc1

4.2.8rc2

4.2.8

4.2.9.dev3

4.2.9.dev4

4.2.9.dev5

4.2.9.dev6

4.2.9.dev7

4.2.9.dev8

4.2.9.dev9

4.2.9.dev10

4.2.9.dev11

4.2.9.dev12

4.2.9.dev20240823

4.2.9.dev20240824

4.2.9rc1

4.2.9rc2

4.2.9

5.*

5.0.0.dev13

5.0.0a1

5.0.0a2

5.0.0a3

5.0.0a4

5.0.0a5

5.0.0a6

5.0.0a7

5.0.0a8

5.0.0rc1

5.0.0rc2

5.0.0

5.0.1

5.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-ffh5-w482-c7m5/GHSA-ffh5-w482-c7m5.json"