Vulnerabilities (CVE)

Filtered by vendor Zanllp Subscribe
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-46315 1 Zanllp 1 Stable Diffusion Webui Infinite Image Browsing 2024-11-21 N/A 7.5 HIGH
The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.