A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including critical system files such as SSH keys, databases, and configuration files. This vulnerability results in high confidentiality, integrity, and availability impacts.
An attacker sends a crafted HTTP GET request to the /api/v1/images/download/{bulk_download_item_name} endpoint, injecting path traversal sequences (e.g., '../../../') in the bulk_download_item_name parameter. The application does not properly validate the file path, allowing escape from the permitted directory and access to any location on the server's file system. This enables both reading and permanent deletion of files outside the application's working directory.
An attacker can read or permanently delete any files on the server, including SSH keys, databases, and configuration files, leading to complete compromise of system confidentiality, integrity, and availability.
Apply patches available from the vendor according to the references. Until updating, it is recommended to restrict network access to the API endpoint and monitor logs for suspicious requests containing path traversal sequences.
InvokeAI version v6.0.0a1 and all earlier versions.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H