CVE-2024-31462

6.3 MEDIUM

Published: April 12, 2024 Modified: April 15, 2026

Description

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59

Source: security-advisories@github.com

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660

Source: security-advisories@github.com

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65

Source: security-advisories@github.com

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653

Source: security-advisories@github.com

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67

Source: security-advisories@github.com

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py

Source: security-advisories@github.com

https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43

Source: security-advisories@github.com

https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461

Source: security-advisories@github.com

https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui

Source: security-advisories@github.com

https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/

Source: security-advisories@github.com

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461

Source: af854a3a-2127-422b-91ae-364da2661108

https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui

Source: af854a3a-2127-422b-91ae-364da2661108

https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/

Source: af854a3a-2127-422b-91ae-364da2661108

20 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.3 / 10.0

EPSS (Exploit Probability)

0.2%

48th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-40962 4.9

CVE-2026-40505 3.3

CVE-2026-40504 9.8

CVE-2026-3299 6.4

CVE-2026-40960 8.1