Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
sd-webui-infinite-image-browsing 安全漏洞
Vulnerability Description
sd-webui-infinite-image-browsing是zanllp个人开发者的一个图像浏览器。 sd-webui-infinite-image-browsing 977815a之前版本存在安全漏洞,该漏洞源于如果在没有密钥配置的情况下启用Gradio身份验证,则允许远程攻击者获取本地文件。
CVSS Information
N/A
Vulnerability Type
N/A