Image inpainting tool powered by a SOTA AI model. Remove any unwanted object, defect, or people from your pictures, or erase and replace (powered by Stable Diffusion) anything in your pictures.
```python
from fastapi import UploadFile


def api_save_image(self, file: UploadFile):
    # filename is taken straight from the multipart request, unchecked
    filename = file.filename
    origin_image_bytes = file.file.read()
    # the path is built from the client-supplied name and written to directly
    with open(self.config.output_dir / filename, "wb") as fw:
        fw.write(origin_image_bytes)
```

There is no check on `filename`, so it is user-controlled. Normally we can't name our files like `"../../something"`, but that's not the case when we're using curl.
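A hardened counterpart to the write step above, added here as an example and not the project's own code. It assumes a plain `output_dir: Path` and a hypothetical extension allow-list; the client-supplied name is reduced to a vetted basename, the resolved target is checked to sit directly inside `output_dir`, and the file is created with `O_EXCL` so an existing file can never be overwritten.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath
# Hypothetical hardened replacement for the write step of api_save_image (not the
# project's own code): the client-supplied name is reduced to a vetted basename,
# and the resolved target is confirmed to sit directly inside output_dir.
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".webp"}  # assumed policy

def sanitize_filename(filename: str) -> str:
    """Return a safe basename or raise ValueError on anything suspicious."""
    if not filename or "\x00" in filename:
        raise ValueError("empty filename or NUL byte")
    # Multipart filenames are arbitrary client input: keep only the last component, '\\' treated like '/'.
    name = PurePosixPath(filename.replace("\\", "/")).name
    if name in ("", ".", "..") or any(ord(c) < 32 for c in name):
        raise ValueError(f"unsafe filename: {filename!r}")
    if PurePosixPath(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"unsupported extension: {name!r}")
    return name

def resolve_inside(output_dir: Path, filename: str) -> Path:
    """Independent check: the resolved target's parent must be output_dir."""
    base = output_dir.resolve()
    target = (base / sanitize_filename(filename)).resolve()
    if target.parent != base:
        raise ValueError("path escapes output directory")
    return target

def save_image_bytes(output_dir: Path, filename: str, data: bytes) -> Path:
    """Hardened counterpart of the open(..., "wb") / write in api_save_image."""
    output_dir.mkdir(parents=True, exist_ok=True)
    target = resolve_inside(output_dir, filename)
    # O_EXCL: create only, so an existing file is never silently overwritten.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fw:
        fw.write(data)
    return target

def demo() -> list:
    """Exercise the checks with constructed inputs in a scratch directory."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "output"
        # The last entry repeats the first name: the O_EXCL create must refuse it.
        for name in ("photo.png", "../../etc/passwd", "..\\..\\x.jpg", "photo.png"):
            try:
                results.append(save_image_bytes(base, name, b"constructed").name)
            except (ValueError, FileExistsError) as exc:
                results.append(type(exc).__name__)
    return results
```

`demo()` returns `["photo.png", "ValueError", "x.jpg", "FileExistsError"]`: the traversal name is rejected, the backslash variant is reduced to its basename inside the output directory, and the repeated name is refused rather than overwritten.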
**Screenshots**
If applicable, add screenshots to help explain your problem.

**Model**
Which model are you using?
**Describe the bug**
A clear and concise description of what the bug is.

CVE type: File Overwrite
URL: http://localhost:8080/api/v1/save_image

PoC:

```shell
curl -X POST "http://localhost:8080/api/v1/save_image" -F "file=@file.mp4;filename=../../etc/passwd;"
```
**System Info**
Software version used