High severity7.5NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2024-11043

Description

A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload, the UI becomes unresponsive, rendering it impossible for users to interact with or manage the affected board. Additionally, the option to delete the board becomes inaccessible, amplifying the severity of the issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
InvokeAIPyPI	<= 5.0.2	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-ffh5-w482-c7m5ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-11043ghsaADVISORY
github.com/invoke-ai/InvokeAI/blob/b79f2a4e4f183db9016584813748a69d34d62a26/invokeai/app/services/shared/invocation_context.pyghsaWEB
huntr.com/bounties/9270900a-b8b7-402f-aee5-432d891e5648nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000