zanllp/infinite-image-browsing

GitHub

github.com

Releases31

Frequency1 month 1 day

Last Release 4 months ago

Stars1.25K

A full-featured image/video management app with AI-powered organization and semantic search. Supports metadata from SD-webui, ComfyUI, Fooocus, NovelAI, StableSwarmUI, and more. Available as standalone app, SD-webui extension, or library.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-46315 ↗	Oct 22, 2023Sunday, 22 October 2023, 22:15	7.5 HIGH	—
The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.