PT-2025-12095 · Invokeai · Invokeai

Published: 2025-03-20 · Updated: 2025-03-20 · CVE-2024-11043

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: invoke-ai/invokeai version v5.0.2

Description: A Denial of Service (DoS) issue was discovered in the "/api/v1/boards/{board id}" endpoint. It is triggered when an excessively large payload is sent in the board name field of a PATCH request. The oversized name causes the UI to become unresponsive, so users can no longer interact with or manage the affected board; the option to delete the board also becomes inaccessible.

Recommendations: For invoke-ai/invokeai version v5.0.2, consider restricting access to the "/api/v1/boards/{board id}" endpoint to prevent exploitation until a fix is available. As a temporary workaround, limit the size of the payload that can be sent in the board name field so that an oversized name cannot render the UI unresponsive.
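The workaround above amounts to server-side input validation on the board update request. The following is an added illustration (not InvokeAI's own code): a stdlib-only validator for a PATCH board body that rejects an oversized raw body before it is parsed and caps the length of the board name. The JSON key `board_name`, the byte and character limits, and the sample bodies are all assumptions for this example.

```python
import json

# Limits assumed for this illustration; the advisory gives no concrete numbers.
MAX_BODY_BYTES = 4096         # hard cap on the raw request body, checked before parsing
MAX_BOARD_NAME_CHARS = 300    # cap on the board name itself (key name "board_name" is assumed)


def validate_board_patch(raw_body: bytes) -> tuple[bool, str]:
    """Validate the body of a PATCH /api/v1/boards/{board_id} request.

    The raw size is checked first so a huge payload never reaches the JSON
    parser or the database, and the board name is length-capped so the
    stored value can never grow to the size the advisory describes.
    Returns (True, "ok") on success or (False, reason) on rejection.
    """
    if len(raw_body) > MAX_BODY_BYTES:
        return False, f"body exceeds {MAX_BODY_BYTES} bytes"
    try:
        body = json.loads(raw_body)
    except ValueError:  # covers JSONDecodeError and bad UTF-8
        return False, "malformed JSON"
    if not isinstance(body, dict):
        return False, "body must be a JSON object"
    if "board_name" in body:
        name = body["board_name"]
        if not isinstance(name, str):
            return False, "board_name must be a string"
        if not name.strip():
            return False, "board_name must not be blank"
        if len(name) > MAX_BOARD_NAME_CHARS:
            return False, f"board_name exceeds {MAX_BOARD_NAME_CHARS} characters"
    return True, "ok"


# Constructed sample bodies: an ordinary rename and an oversized one of the
# kind the advisory describes (values are made up for this example).
NORMAL_PATCH = b'{"board_name": "Holiday renders"}'
OVERSIZED_PATCH = b'{"board_name": "' + b"A" * 100_000 + b'"}'

if __name__ == "__main__":
    for body in (NORMAL_PATCH, OVERSIZED_PATCH):
        print(len(body), validate_board_patch(body))
```

Applied at the route handler (or as a request-body size limit in the reverse proxy plus a schema constraint), this turns the oversized rename into a 4xx response instead of a stored value that breaks the UI.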

Exploit · Fix · DoS · Resource Exhaustion


Weakness Enumeration

Related Identifiers: CVE-2024-11043, GHSA-FFH5-W482-C7M5

Affected Products: Invokeai