CVE-2024-11043 Information

Description

A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/board_id endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload the UI becomes unresponsive rendering it impossible for users to interact with or manage the affected board. Additionally the option to delete the board becomes inaccessible amplifying the severity of the issue.

Reference

https://huntr.com/bounties/9270900a-b8b7-402f-aee5-432d891e5648 https://huntr.com/bounties/9270900a-b8b7-402f-aee5-432d891e5648