brycedrennan/imaginairy Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the brycedrennan/imaginairy repository, specifically in version 15.0.0. The issue arises in the '/api/stablestudio/generate' endpoint, where sending an invalid request can cause the server process to terminate unexpectedly, with the terminal displaying 'KILLED'. This abrupt shutdown leads to server unavailability, disrupting functionality for all users.
Impact
Exploitation of this vulnerability causes the server process to crash, immediately rendering the service unavailable to users. This disruption can affect critical workflows and revenue-generating services, potentially leading to financial losses and decreased user trust.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/api/stablestudio/generate' endpoint with a JSON payload that includes an excessively large text input. This can be automated with a Python script that uses the 'requests' library to send the payload, after installing the 'imaginairy' package and starting the server.
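The defensive counterpart to the report above is to bound the request before the generation code ever sees it: refuse oversized bodies on their declared size, then cap the prompt length after parsing, so an abusive request gets a 4xx reply instead of taking the process down. The following is an added example, not code from the imaginairy project; the limits and the 'prompt' field name are assumptions chosen for illustration.

```python
import json
from typing import Optional

# Hypothetical limits; tune to what the model server can actually process.
MAX_BODY_BYTES = 64 * 1024   # whole JSON body
MAX_PROMPT_CHARS = 2_000     # the text prompt inside it


class RequestRejected(ValueError):
    """Carries an HTTP status so the caller replies 4xx instead of crashing."""

    def __init__(self, status: int, reason: str):
        super().__init__(reason)
        self.status = status


def validate_generate_request(raw_body: bytes, content_length: Optional[int] = None) -> dict:
    """Return the validated fields of a /api/stablestudio/generate body, or raise."""
    # Cheapest check first: refuse on the declared size before parsing anything.
    if content_length is not None and content_length > MAX_BODY_BYTES:
        raise RequestRejected(413, "declared Content-Length exceeds limit")
    if len(raw_body) > MAX_BODY_BYTES:
        raise RequestRejected(413, "request body exceeds limit")
    try:
        payload = json.loads(raw_body)
    except ValueError:
        raise RequestRejected(400, "body is not valid JSON") from None
    if not isinstance(payload, dict):
        raise RequestRejected(422, "body must be a JSON object")
    prompt = payload.get("prompt")  # assumed field name for the text input
    if not isinstance(prompt, str) or not prompt.strip():
        raise RequestRejected(422, "prompt must be a non-empty string")
    if len(prompt) > MAX_PROMPT_CHARS:
        raise RequestRejected(422, f"prompt longer than {MAX_PROMPT_CHARS} characters")
    return {"prompt": prompt}


def rejection_status(raw_body: bytes, content_length: Optional[int] = None) -> Optional[int]:
    """None when the body is accepted, otherwise the HTTP status to answer with."""
    try:
        validate_generate_request(raw_body, content_length)
    except RequestRejected as exc:
        return exc.status
    return None


if __name__ == "__main__":
    # Constructed sample bodies: a normal request and an oversized one.
    print(rejection_status(b'{"prompt": "a watercolor of a lighthouse"}'))  # None
    print(rejection_status(b'{"prompt": "' + b"x" * 100_000 + b'"}'))       # 413
```

Running the validator in the request handler before any model work, together with a byte limit enforced by the reverse proxy, keeps the worker alive under malformed or oversized input.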