CVE-2024-11042

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-11042
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11042.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-11042
Aliases
Published
2025-03-20T10:15:23Z
Modified
2025-03-21T17:14:49.483838Z
Summary
[none]
Details

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. This can impact the integrity and availability of applications relying on these files.

References

Affected packages

Git / github.com/invoke-ai/invokeai

Affected ranges

Type
GIT
Repo
https://github.com/invoke-ai/invokeai
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

2.*

2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
2.0.0-rc5
2.0.0-rc6
2.0.0-rc7
2.0.0-rc8
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.1.0-rc4
2.2.0-rc2
2.2.0-rc4
2.2.4-rc1
2.2.4-rc2

3.*

3.4.0post1
3.6.3
3.7.0

Other

pre-nodes
show
v3-latest
v3-latest-test
vinstaller-test-delete

release-0.*

release-0.95

release-1.*

release-1.02
release-1.03
release-1.04
release-1.05
release-1.06
release-1.07
release-1.08
release-1.09
release-1.10
release-1.11
release-1.13
release-1.14
release-1.14.1

release-2.*

release-2.0.0

release-candidate-1.*

release-candidate-1.14
release-candidate-1.14.1
release-candidate-1.14.2
release-candidate-1.14.3
release-candidate-1.14.4

release_0.*

release_0.91
release_0.96

release_1.*

release_1.0
release_1.01

v.*

v.2.3.1-rc1

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.1.2
v2.1.3
v2.1.3p1
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.5p1
v2.3.0
v2.3.0-rc1
v2.3.0-rc2
v2.3.0-rc4
v2.3.0-rc5
v2.3.0-rc6
v2.3.0-rc7
v2.3.1
v2.3.1+rc1
v2.3.1+rc2
v2.3.1+rc3
v2.3.1-rc4
v2.3.3-rc7

v3.*

v3.0-latest
v3.0.0
v3.0.0+a2
v3.0.0+a3
v3.0.0+a4
v3.0.0+a5
v3.0.0+a6
v3.0.0+a7
v3.0.0+a8
v3.0.0+b10
v3.0.0+b2
v3.0.0+b3
v3.0.0+b4
v3.0.0+b5
v3.0.0+b6
v3.0.0+b7
v3.0.0+b8
v3.0.0+b9
v3.0.0-rc1
v3.0.0rc1
v3.0.0rc2
v3.0.1
v3.0.1post1
v3.0.1post2
v3.0.1post3
v3.0.1rc1
v3.0.1rc2
v3.0.2
v3.0.2post1
v3.0.2rc1
v3.1.0
v3.1.0rc1
v3.1.1rc1
v3.2.0
v3.3.0
v3.4.0
v3.4.0post2
v3.5.0
v3.5.0rc5
v3.5.1
v3.6.0
v3.6.0rc1
v3.6.0rc2
v3.6.0rc3
v3.6.0rc4
v3.6.0rc5
v3.6.0rc6
v3.6.1
v3.6.2

v4.*

v4.0.0
v4.0.0rc1
v4.0.0rc2
v4.0.0rc3
v4.0.0rc4
v4.0.0rc5
v4.0.0rc6
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1.0
v4.2.0
v4.2.0a1
v4.2.0a2
v4.2.0a3
v4.2.0a4
v4.2.0b1
v4.2.0b2
v4.2.1
v4.2.2
v4.2.2post1
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.6a1
v4.2.6post1
v4.2.6rc1
v4.2.7
v4.2.7rc1
v4.2.8
v4.2.8rc1
v4.2.8rc2
v4.2.9
v4.2.9rc1
v4.2.9rc2

v5.*

v5.0.0
v5.0.0.a1
v5.0.0.a2
v5.0.0.a3
v5.0.0.a4
v5.0.0.a5
v5.0.0.a6
v5.0.0.a7
v5.0.0.a8
v5.0.0.rc1
v5.0.0.rc2
v5.0.1
v5.0.2
v5.1.0
v5.1.0rc2
v5.1.0rc3
v5.1.0rc4
v5.1.0rc5
v5.1.1
v5.2.0
v5.2.0rc1
v5.2.0rc2

version_0.*

version_0.9