PT-2025-12067 · Unknown · Invoke-Ai Server

Published

2025-03-20

Updated

2025-03-21

CVE-2024-10821

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Invoke-AI server version v5.0.1

Description A Denial of Service (DoS) issue exists in the multipart request boundary processing mechanism, allowing unauthenticated attackers to cause excessive resource consumption by appending excessive characters to the end of multipart boundaries. This leads to an infinite loop and a complete denial of service for all users. The affected endpoint is "/api/v1/images/upload".

Recommendations For Invoke-AI server version v5.0.1, consider disabling access to the "/api/v1/images/upload" endpoint until a patch is available to prevent exploitation. Additionally, restricting the length of multipart boundaries could help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-835

Related Identifiers

CVE-2024-10821

GHSA-6F6X-F56Q-5XGV

Affected Products

Invoke-Ai Server

PT-2025-12067 · Unknown · Invoke-Ai Server

CVE-2024-10821

Weakness Enumeration

Related Identifiers

Affected Products

References · 6