CVE-2024-10935

Name of the Vulnerable Software and Affected Versions automatic1111/stable-diffusion-webui version 1.10.0

Description The software is susceptible to a flaw where the server does not properly manage extra characters added to the end of multipart boundaries. This can be exploited by sending specially crafted multipart requests with arbitrary characters appended to the boundary, resulting in excessive resource consumption and a complete denial of service (DoS) for all users. The issue is unauthenticated, meaning no user login or interaction is required for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.