CVE-2024-11042 PoC — Invoke 输入验证错误漏洞

Source

https://github.com/gothburz/CVE-2024-11042

Associated Vulnerability

Title:Invoke 输入验证错误漏洞 (CVE-2024-11042)
Description:Invoke是InvokeAI开源的一个稳定扩散模型的领先创意引擎。 Invoke v5.0.2版本存在输入验证错误漏洞，该漏洞源于POST /api/v1/images/delete API中的任意文件删除漏洞。

Description

Proof-of-concept for In invoke-ai/invokeai version v5.0.2 Arbitrary File Deletion.

File Snapshot


 [4.0K]  /data/pocs/05e4705b09af1a3e35f67e6fc2fb1b5866bd9aea
├── [1.3K]  poc.py
└── [ 250]  requirements.txt

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!