CVE-2024-12029

{"id": "CVE-2024-12029", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:26.157", "references": [{"url": "https://github.com/invoke-ai/invokeai/commit/756008dc5899081c5aa51e5bd8f24c1b3975a59e", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/9b790f94-1b1b-4071-bc27-78445d1a87a3", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/9b790f94-1b1b-4071-bc27-78445d1a87a3", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious code in model files, which is executed upon loading. This issue is fixed in version 5.4.3."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en las versiones 5.3.1 a 5.4.2 de evolve-ai/invokeai a trav\u00e9s de la API /api/v2/models/install. Esta vulnerabilidad surge de la deserializaci\u00f3n insegura de archivos de modelo mediante torch.load sin la validaci\u00f3n adecuada. Los atacantes pueden explotarla incrustando c\u00f3digo malicioso en los archivos de modelo, que se ejecuta al cargarlos. Este problema se ha corregido en la versi\u00f3n 5.4.3."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@huntr.dev"}