漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Arbitrary File Delete in invoke-ai/invokeai
Vulnerability Description
In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. This can impact the integrity and availability of applications relying on these files.
CVSS Information
N/A
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Invoke 输入验证错误漏洞
Vulnerability Description
Invoke是InvokeAI开源的一个稳定扩散模型的领先创意引擎。 Invoke v5.0.2版本存在输入验证错误漏洞,该漏洞源于POST /api/v1/images/delete API中的任意文件删除漏洞。
CVSS Information
N/A
Vulnerability Type
N/A