CVE-2024-11043
published 2025-03-20

Priority: P3, 40
Severity: high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.66% (47.1th percentile)

A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload, the UI becomes unresponsive, rendering it impossible for users to interact with or manage the affected board. Additionally, the option to delete the board becomes inaccessible, amplifying the severity of the issue.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| invoke-ai | invoke-ai_invokeai | 0 – 5.0.2 | |
| invoke-ai | invoke-ai_invokeai | unspecified – latest | |