{"id":"CVE-2024-32025","summary":"Kohya_ss is vulnerable to a command injection in `group_images_gui.py` (`GHSL-2024-021`)","details":"Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.","aliases":["GHSA-qprv-9pg5-h33c"],"modified":"2026-04-02T10:47:59.045438Z","published":"2024-04-16T14:44:21.648Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32025.json","cwe_ids":["CWE-77"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32025.json"},{"type":"ADVISORY","url":"https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-qprv-9pg5-h33c"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32025"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss"},{"type":"FIX","url":"https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bmaltais/kohya_ss","events":[{"introduced":"6d0a9ba0d2d3fea61d5b0e18e989a34f760d5c61"},{"fixed":"05c6644835951e8b3385c6c1ab39fe6abfc0b3fd"}]}],"versions":["23.0.4","v22.6.1","v22.6.2","v23.0.0","v23.0.1","v23.0.10","v23.0.11","v23.0.12","v23.0.13","v23.0.14","v23.0.15","v23.0.2","v23.0.3","v23.0.5","v23.0.6","v23.0.7","v23.0.8","v23.0.9","v23.1.0","v23.1.1","v23.1.2","v23.1.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32025.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}