CVE-2024-12074
📋 TL;DR
This CVE describes a Denial of Service vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 where attackers can crash the server by uploading files with excessively long filenames. The vulnerability affects all users running the vulnerable version, and exploitation requires no authentication, making it easily scalable.
💻 Affected Systems
- automatic1111/stable-diffusion-webui
📦 What is this software?
Stable Diffusion Webui by Automatic1111
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability for all users, requiring manual server restart and potentially causing data loss for in-progress operations.
Likely Case
Temporary service disruption affecting legitimate users until the server is restarted or the malicious request stops.
If Mitigated
Minimal impact with proper input validation and rate limiting in place.
🎯 Exploit Status
Exploitation requires only sending a specially crafted HTTP request with a long filename in form-data. No authentication or special tools needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.10.1 or later
Vendor Advisory: https://huntr.com/bounties/6b44bfc2-31a7-4fe9-86fb-072c90a23642
Restart Required: Yes
Instructions:
1. Update to version 1.10.1 or later using git pull or manual update.
2. Restart the webui service.
3. Verify the fix by checking the version.
🔧 Temporary Workarounds
Input Validation via Reverse Proxy
Configure a reverse proxy (nginx, Apache) to reject requests with excessively long filenames before they reach the webui.
# nginx example: add to location block
# client_max_body_size caps the total request body size only; it does not inspect the multipart filename
client_max_body_size 10M;
# Additional regex filtering for filename length
Rate Limiting
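Implement rate limiting on file upload endpoints to prevent mass exploitation.
# Using nginx rate limiting
# limit_req_zone is only valid in the http block
limit_req_zone $binary_remote_addr zone=upload:10m rate=1r/s;
# limit_req goes in the location block that serves the upload endpoint
limit_req zone=upload burst=5 nodelay;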
🧯 If You Can't Patch
- Deploy a WAF or reverse proxy with request filtering to block requests with excessively long filenames.
- Disable file upload functionality if not required, or restrict access to authenticated users only.
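One way to implement the filename-length filtering described above, as an added example that is not code from the webui project or the advisory. The function names, the 255-byte limit and the sample request are assumptions constructed for illustration; the check would run in a filtering layer placed in front of the webui.

```python
import email

MAX_FILENAME_BYTES = 255  # assumed limit (typical filesystem name maximum)


def oversized_filenames(content_type, body, limit=MAX_FILENAME_BYTES):
    """Return [(field, filename_bytes)] for multipart parts over the limit."""
    # Rebuild a MIME document so the stdlib parser can split the parts.
    head = "MIME-Version: 1.0\r\nContent-Type: %s\r\n\r\n" % content_type
    msg = email.message_from_bytes(head.encode("latin-1", "replace") + body)
    if not msg.is_multipart():
        return []  # not a form-data upload, nothing to inspect
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition filename parameter,
        # including quoted and RFC 2231 (filename*) encodings.
        name = part.get_filename()
        if name is None:
            continue
        size = len(name.encode("utf-8", "replace"))
        if size > limit:
            field = part.get_param("name", "?", header="content-disposition")
            hits.append((field, size))
    return hits


def sample_request():
    """Constructed multipart/form-data request: one normal, one long filename."""
    boundary = "XBOUNDARYX"  # constructed value
    body = b""
    for field, fname in [("file1", "ok.png"), ("file2", "A" * 1000 + ".png")]:
        body += (
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{field}"; filename="{fname}"\r\n'
            "Content-Type: image/png\r\n\r\n"
            "constructed-bytes\r\n"
        ).encode()
    body += f"--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", body


if __name__ == "__main__":
    ctype, data = sample_request()
    for field, size in oversized_filenames(ctype, data):
        print(f"reject with HTTP 400: field {field!r} has a {size}-byte filename")
```

Any request for which the function returns a non-empty list should be rejected with a 4xx response before it is forwarded to the upload endpoint.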
🔍 How to Verify
Check if Vulnerable:
Check if running version 1.10.0 by examining the webui interface or checking the git commit. Test by attempting to upload a file with a filename exceeding reasonable length (e.g., 1000+ characters).
Check Version:
Check webui interface or run: git log --oneline -1
Verify Fix Applied:
After updating, verify version is 1.10.1 or later. Test that file uploads with long filenames are rejected with appropriate error messages instead of crashing the service.
📡 Detection & Monitoring
Log Indicators:
- HTTP 413 errors (Payload Too Large)
- Server restart logs without normal shutdown
- Multiple failed file upload attempts with similar patterns
Network Indicators:
- Unusually large HTTP POST requests to upload endpoints
- Multiple rapid file upload attempts from single IP
SIEM Query:
source="webui.log" AND ("413" OR "Payload Too Large" OR "server restart" OR "unresponsive")