Automatic1111 Stable-Diffusion-Webui vulnerabilities
6 known vulnerabilities affecting automatic1111/automatic1111_stable-diffusion-webui.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2024-11044 | P3 | MEDIUM | CVSS 6.1 | CWE-601 | PoC | ≥ unspecified, ≤ latest | 2025-03-20
An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user credentials.
nvd
CVE-2024-11045 | P3 | CRITICAL | CVSS 9.6 | CWE-284 | ≥ unspecified, ≤ latest | 2025-03-20
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the
nvd
CVE-2024-10935 | P3 | HIGH | CVSS 7.5 | CWE-770 | ≥ unspecified, ≤ latest | 2025-03-20
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete
nvd
CVE-2024-12375 | P3 | MEDIUM | CVSS 6.5 | CWE-36 | ≥ unspecified, ≤ latest | 2025-03-20
A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system by sending a specially crafted request to the application.
nvd
CVE-2024-12074 | P3 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ unspecified, ≤ latest | 2025-03-20
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive
nvd
CVE-2024-12374 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, ≤ latest | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser.
nvd