AUTOMATIC1111 / stable-diffusion-webui

Stable Diffusion web UI
GNU Affero General Public License v3.0

[Bug]: Some malicious extension is getting installed automatically after making 10K+ calls to Stable diffusion model through the API. #16500

Open knowitall12 opened 1 month ago

knowitall12 commented 1 month ago

sd.txt sd.txt

Checklist

What happened?

When we made 10K calls to generate different images, we observed that a new extension with URL "http://77.90.22.129:3000/WCZMKQKVIQ/na8672" is getting installed.

Steps to reproduce the problem

  1. Install Stable Diffusion.
  2. Install the following extensions:
     A. https://github.com/Mikubill/sd-webui-controlnet
     B. https://github.com/AUTOMATIC1111/stable-diffusion-webui-nsfw-censor
     C. https://github.com/w-e-w/sd-webui-nudenet-nsfw-censor
  3. Try making 10K calls to Stable diffusion using the endpoint: sdapi/v1/txt2img

What should have happened?

The malicious extension shouldn't have been installed automatically.

What browsers do you use to access the UI?

Google Chrome

Sysinfo

sysinfo-2024-09-18-15-03.json

Console logs

Attached in files section.

Additional information

We have deployed it on K8s on a pod using a Dockerfile.

missionfloyd commented 1 month ago

What likely happened is that it's exposed to the internet, and someone got in and installed that. It'd probably be best to delete the container and start over.

Before reinstalling, edit the Dockerfile and remove --enable-insecure-extension-access and --allow-code if present. Those effectively allow users to run arbitrary code and are disabled by default. Dockerfile maintainers seem to always enable them for some reason.

Set a password by adding --gradio-auth username:password

Extensions can be installed manually from the terminal by going to the extensions directory and running git clone EXTENSION_URL

cd ~/stable-diffusion-webui/extensions
git clone https://github.com/Mikubill/sd-webui-controlnet
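
An added example, not part of the thread and not the project's code: a Python check that scans a Dockerfile or launch command for the two flags named in the reply above and for a missing --gradio-auth, and reports extension git remotes that are not HTTPS on an expected host. The host allowlist, the sample Dockerfile and the sample remote URL are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Flags named in the reply above: two to remove, one to add.
RISKY_FLAGS = ("--enable-insecure-extension-access", "--allow-code")
AUTH_FLAG = "--gradio-auth"
ALLOWED_HOSTS = {"github.com"}  # assumption: the only expected extension host

# Constructed sample inputs, not taken from the reporter's deployment.
SAMPLE_DOCKERFILE = """\
FROM python:3.10
# CMD python launch.py --allow-code
CMD ["python", "launch.py", "--listen", "--api", "--enable-insecure-extension-access"]
"""
SAMPLE_GIT_CONFIG = '[remote "origin"]\n\turl = http://203.0.113.7:3000/EXAMPLE/ext\n'


def audit_launch_args(text):
    """Return findings for a Dockerfile or launch command given as text."""
    # Drop comment lines so a commented-out flag is not reported.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    active = "\n".join(lines)
    findings = [f"risky flag present: {f}" for f in RISKY_FLAGS if f in active]
    if AUTH_FLAG not in active:
        findings.append(f"no {AUTH_FLAG} set")
    return findings


def remote_urls(git_config_text):
    """Extract remote URLs from the text of an extension's .git/config."""
    return re.findall(r"^\s*url\s*=\s*(\S+)", git_config_text, flags=re.M)


def audit_remote(url, allowed_hosts=ALLOWED_HOSTS):
    """Return reasons a remote looks unexpected; an empty list means ok."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reasons = []
    if parsed.scheme != "https":
        reasons.append("not https")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address host")
    except ValueError:
        pass
    if host not in allowed_hosts:
        reasons.append("host not on allowlist")
    return reasons
```

To use it on a real install, pass the Dockerfile's contents to `audit_launch_args` and the contents of each `extensions/<name>/.git/config` to `remote_urls`, then check every returned URL with `audit_remote`.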