High severity7.5NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2024-10821

Description

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. The affected endpoint is /api/v1/images/upload.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
InvokeAIPyPI	<= 5.0.2	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-6f6x-f56q-5xgvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-10821ghsaADVISORY
github.com/invoke-ai/InvokeAI/blob/807f458f13e7693ada2fb929c2d513950611fe9c/invokeai/app/api/routers/images.pyghsaWEB
huntr.com/bounties/0ac24835-c4c0-4f11-938a-d5641dfb80b2nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000