Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui
Vulnerability Description
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the server. This can lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and potential denial of service (DoS).
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Stable Diffusion web UI 访问控制错误漏洞
Vulnerability Description
Stable Diffusion web UI是AUTOMATIC1111个人开发者的一个 Web 界面。 Stable Diffusion web UI 1.10.0版本存在访问控制错误漏洞,该漏洞源于跨站WebSocket劫持漏洞,可能导致未经授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A