cve/2024/CVE-2024-32027.md

CVE-2024-32027

Description

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in finetune_gui.py This vulnerability is fixed in 23.1.5.

POC

Reference

• https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss

Github

• https://github.com/jayB133/codeql-workshop
• https://github.com/sylwia-budzynska/2025-codergirls-codeql-workshop
• https://github.com/sylwia-budzynska/2025-soss-codeql-workshop
• https://github.com/sylwia-budzynska/codeql-workshop
• https://github.com/sylwia-budzynska/orangecon-2024-codeql-workshop