CVE-2024-10821

HIGH7.5EPSS 0.06%

InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`

發布日:2025/3/20修改日:2025/10/16

描述

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. The affected endpoint is `/api/v1/images/upload`.

受影響套件(1)

PyPI/invokeaifrom 0, <= 5.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-10821
WEBhttps://github.com/invoke-ai/InvokeAI
WEBhttps://github.com/invoke-ai/InvokeAI/blob/807f458f13e7693ada2fb929c2d513950611fe9c/invokeai/app/api/routers/images.py#L29
WEBhttps://huntr.com/bounties/0ac24835-c4c0-4f11-938a-d5641dfb80b2