本頁列出影響 automatic1111 stable-diffusion-webui 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-12375 | A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system by sending a specially crafted request to the application. | [email protected] | 6.5 | 0.72% | 2025-03-20 | 2025-10-30 |
| CVE-2024-12374 | A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser. | [email protected] | 6.1 | 0.37% | 2025-03-20 | 2025-10-30 |
| CVE-2024-12074 | A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users. This issue can be exploited without authentication, making it highly scalable and increasing the ri | [email protected] | 6.5 | 0.72% | 2025-03-20 | 2025-08-05 |
| CVE-2024-11045 | A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the server. This can lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and potential denial of service | [email protected] | 9.6 | 0.36% | 2025-03-20 | 2025-08-05 |
| CVE-2024-11044 | An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user credentials. | [email protected] | 6.1 | 0.78% | 2025-03-20 | 2025-08-05 |
| CVE-2024-10935 | automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to e | [email protected] | 7.5 | 0.71% | 2025-03-20 | 2025-10-15 |