CVE-2023-46315

Name of the Vulnerable Software and Affected Versions sd-webui-infinite-image-browsing extension versions before 977815a

Description The issue allows remote attackers to read any local file via the "/file?path=" endpoint in the URL, as demonstrated by reading /proc/self/environ to discover credentials, when Gradio authentication is enabled without secret key configuration.

Recommendations For versions before 977815a, consider disabling Gradio authentication or configuring a secret key to mitigate the risk of exploitation. As a temporary workaround, restrict access to the "/file?path=" endpoint to minimize the risk of reading local files.