CVE-2024-10935
Unauthenticated DoS via Multipart Boundary in automatic1111/stable-diffusion-webui
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
20 mar 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
automatic1111 · automatic1111/stable-diffusion-webuiQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →