CVE-2024-31462

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-31462

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31462.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-31462

Published

2024-04-12T22:15:07Z

Modified

2025-07-01T15:48:50.121504Z

Summary

[none]

Details

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method (Backup/Restore tab) in modules/uiextensions.py takes user input into the configsavename variable on line 653. This user input is later used in the saveconfigstate method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.

References

Affected packages

Git / github.com/automatic1111/stable-diffusion-webui

Affected ranges

Type: GIT
Repo: https://github.com/automatic1111/stable-diffusion-webui
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d9708c92b444894bce8070e4dcfaa093f8eb8d43

Affected versions

v1.*

v1.0.0-pre

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v1.3.0-RC

v1.3.1

v1.3.1-RC

v1.3.2

v1.3.2-RC

v1.4.0

v1.4.0-RC

v1.4.1

v1.5.0

v1.5.0-RC

v1.5.1

v1.5.1-RC

v1.5.2

v1.5.2-RC

v1.6.0

v1.6.0-RC

v1.6.1

v1.7.0

v1.7.0-RC

v1.8.0

v1.8.0-RC

v1.9.0-RC