PT-2024-24365 · Kohya Ss · Kohya Ss

Sylwia-Budzynska · Published 2024-04-16 · Updated 2025-09-08 · CVE-2024-32027

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kohya ss versions 22.6.1 through 23.1.4

Description: Kohya ss is a GUI for Kohya's Stable Diffusion trainers. The issue is related to command injection in the finetune_gui.py file. This vulnerability is fixed in version 23.1.5.

Recommendations: For versions 22.6.1 through 23.1.4, update to version 23.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the finetune_gui.py file until the update is applied.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-32027
GHSA-8H78-3VQM-XW83

Affected Products

Kohya Ss