CVE-2024-12761
📋 TL;DR
A Denial of Service vulnerability in the brycedrennan/imaginairy repository allows attackers to crash the server by sending invalid requests to the /api/stablestudio/generate endpoint. This affects all users of version 15.0.0, making the service unavailable until manually restarted.
💻 Affected Systems
- brycedrennan/imaginairy
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage requiring manual intervention to restart the server, potentially disrupting critical image generation workflows.
Likely Case
Intermittent service disruptions affecting all users until administrators notice and restart the server process.
If Mitigated
Minimal impact with proper request validation and monitoring in place to detect and block malicious requests.
🎯 Exploit Status
Exploitation requires sending malformed requests to the vulnerable endpoint, which is relatively simple to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 15.0.1 or later
Vendor Advisory: https://huntr.com/bounties/282900f4-2498-42c4-8ce7-ba5368aaf035
Restart Required: Yes
Instructions:
1. Update imaginairy to version 15.0.1 or later using pip:
pip install --upgrade imaginairy
2. Restart the server process to apply the fix.
🔧 Temporary Workarounds
Input Validation
Implement request validation middleware to reject malformed requests before they reach the vulnerable endpoint.
Rate Limiting
Apply rate limiting to the /api/stablestudio/generate endpoint to reduce the impact of DoS attempts.
🧯 If You Can't Patch
- Implement a web application firewall (WAF) to block malformed requests to the vulnerable endpoint.
- Monitor server processes and set up automated alerts for unexpected terminations to enable quick recovery.
🔍 How to Verify
Check if Vulnerable:
Check if imaginairy version is 15.0.0 by examining the installed package version.
Check Version:
pip show imaginairy | grep Version
Verify Fix Applied:
Verify that imaginairy version is 15.0.1 or later and test the /api/stablestudio/generate endpoint with malformed requests to ensure it no longer crashes.
📡 Detection & Monitoring
Log Indicators:
- Server process termination with 'KILLED' output
- Unusual number of requests to /api/stablestudio/generate
- Error logs indicating malformed request handling
Network Indicators:
- Spike in requests to the vulnerable endpoint
- Unusual request patterns or malformed payloads
SIEM Query:
source="imaginairy.log" AND ("KILLED" OR "process terminated" OR "malformed request")
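Added example (not part of the original advisory or the imaginairy project): a log triage script that correlates each termination marker from the query above with requests to /api/stablestudio/generate logged shortly before it, so a crash caused by the endpoint can be told apart from an unrelated restart. The log line layout, the sample lines, and the 30-second window are assumptions; adapt them to your deployment.

```python
import re
from datetime import datetime, timedelta

ENDPOINT = "/api/stablestudio/generate"
TERMINATION_MARKERS = ("KILLED", "process terminated")  # strings from the SIEM query above

# Assumed layout: "<ISO-8601 timestamp> <message>". Adjust to your real log format.
LINE_RE = re.compile(r"^(\S+)\s+(.*)$")

# Constructed sample log, not real imaginairy output.
SAMPLE_LOG = """\
2024-01-01T10:00:00 INFO POST /api/stablestudio/generate 200
2024-01-01T10:05:10 INFO POST /api/stablestudio/generate
2024-01-01T10:05:12 ERROR malformed request
2024-01-01T10:05:13 KILLED
2024-01-01T11:30:00 KILLED
"""


def find_suspect_crashes(log_text, window_seconds=30):
    """Return one finding per termination line, listing the endpoint
    requests logged in the window_seconds before it."""
    requests = []   # (timestamp, message) for every hit on ENDPOINT
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        try:
            ts = datetime.fromisoformat(match.group(1))
        except ValueError:
            continue  # line without a parsable timestamp
        message = match.group(2)
        if ENDPOINT in message:
            requests.append((ts, message))
        elif any(marker in message for marker in TERMINATION_MARKERS):
            cutoff = ts - timedelta(seconds=window_seconds)
            preceding = [m for t, m in requests if cutoff <= t <= ts]
            findings.append({"time": ts, "preceding_requests": preceding,
                             "suspect": bool(preceding)})
    return findings


if __name__ == "__main__":
    for finding in find_suspect_crashes(SAMPLE_LOG):
        label = "SUSPECT" if finding["suspect"] else "unrelated?"
        print(finding["time"].isoformat(), label, len(finding["preceding_requests"]))
```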