Description

In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. This can impact the integrity and availability of applications relying on these files.

INFO

Published Date :

2025-03-20T10:08:52.134Z

Last Modified :

2025-03-20T19:01:26.093Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-11042 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11042.

URL Resource
https://github.com/invoke-ai/invokeai/commit/5440c037674882b2ab7acd59087e9bb04b49657a cve-icon cve-icon
https://huntr.com/bounties/635535a7-c804-4789-ac3a-48d951263987 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact