Unrated severityNVD Advisory· Published Oct 22, 2023· Updated Sep 12, 2024

CVE-2023-46315

Description

The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

zanllp/sd-webui-infinite-image-browsingdescription
zanllp/sd-webui-infinite-image-browsingllm-create
Range: < 977815a

Patches

Vulnerability mechanics

References

github.com/zanllp/sd-webui-infinite-image-browsing/issues/387mitre
github.com/zanllp/sd-webui-infinite-image-browsing/pull/368/commits/977815a2b28ad953c10ef0114c365f698c4b8f19mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000