{"id":"CVE-2024-32022","summary":"Kohya_ss is vulnerable to a command injection in basic_caption_gui.py (GHSL-2024-019)","details":"Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss  is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5.","aliases":["GHSA-m6jq-7j4v-2fg3"],"modified":"2026-04-10T05:13:08.380873Z","published":"2024-04-16T14:46:29.957Z","database_specific":{"cwe_ids":["CWE-77"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32022.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32022.json"},{"type":"ADVISORY","url":"https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-m6jq-7j4v-2fg3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32022"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss"},{"type":"FIX","url":"https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bmaltais/kohya_ss","events":[{"introduced":"0"},{"fixed":"831af8babeb75faff62bcc6a8c6a4f80354f1ff1"}]},{"type":"GIT","repo":"https://github.com/bmaltais/kohya_ss","events":[{"introduced":"0"},{"fixed":"831af8babeb75faff62bcc6a8c6a4f80354f1ff1"}]}],"versions":["V21.8.5","v10","v11","v12","v15","v17","v17.1","v17.2","v18","v18.1","v18.2","v18.3","v18.4","v18.5","v18.6","v18.7","v18.8","v19","v19.1","v19.2","v19.3","v19.3.1","v19.4","v19.4.1","v19.4.2","v20.0","v20.0.4","v20.1","v20.2.1","v20.3.0","v20.3.1","v20.5.0","v20.5.2","v20.6.0","v20.6.1","v20.7.0","v20.7.1","v20.7.2","v20.7.3","v20.7.4","v20.8.0","v20.8.1","v20.8.2","v21.0.1","v21.1.0","v21.1.1","v21.1.1b","v21.1.3","v21.1.4","v21.1.5","v21.2.0","v21.2.1","v21.2.3","v21.2.4","v21.2.5","v21.3.0","v21.3.1","v21.3.3","v21.3.4","v21.3.5","v21.3.6","v21.3.7","v21.3.8","v21.3.9","v21.4.0","v21.4.1","v21.4.2","v21.5.0","v21.5.1","v21.5.10","v21.5.11","v21.5.12","v21.5.14","v21.5.2","v21.5.4","v21.5.5","v21.5.7","v21.5.8","v21.5.9","v21.6.0","v21.6.1","v21.6.2","v21.6.3","v21.6.4","v21.6.6","v21.7.1","v21.7.10","v21.7.11","v21.7.12","v21.7.13","v21.7.14","v21.7.15","v21.7.16","v21.7.2","v21.7.3","v21.7.4","v21.7.5","v21.7.6","v21.7.7","v21.7.8","v21.7.9","v21.8.0","v21.8.2","v21.8.3","v21.8.4","v21.8.6","v22.1.1","v22.2.0","v22.2.1","v22.2.2","v22.3.0","v22.3.1","v8","v9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32022.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}