Lucene search
K

7 matches found

NVD
NVD
added 2024/12/12 3:15 p.m.14 views

CVE-2024-21575

ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the image.filename field in a POST request sent to the /upload/temp endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some...

9.2CVSS0.00973EPSS
Exploits0References2
OSV
OSV
added 2024/12/12 3:15 p.m.6 views

CVE-2024-21575

ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the image.filename field in a POST request sent to the /upload/temp endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some...

9.2CVSS7.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/12 2:14 p.m.12 views

CVE-2024-21575

ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the image.filename field in a POST request sent to the /upload/temp endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some...

9.2CVSS7.8AI score0.00973EPSS
Exploits0References2
CVE
CVE
added 2024/12/12 2:14 p.m.55 views

CVE-2024-21575

CVE-2024-21575 affects ComfyUI-Impact-Pack. Root cause: missing validation of image.filename in the POST /upload/temp endpoint, enabling path traversal and arbitrary file writes on the server. Consequence: under some conditions this can lead to remote code execution (RCE). CVSS vectors indicate h...

9.2CVSS7.9AI score0.00973EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/12 2:14 p.m.16 views

CVE-2024-21575

ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the image.filename field in a POST request sent to the /upload/temp endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some...

9.2CVSS0.00973EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.4 views

PT-2024-18966 · Unknown · Comfyui-Impact-Pack

Name of the Vulnerable Software and Affected Versions: ComfyUI-Impact-Pack affected versions not specified Description: The issue stems from missing validation of the image.filename field in a POST request sent to the "/upload/temp" endpoint, resulting in writing arbitrary files to the file syste...

9.2CVSS7.7AI score0.00973EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.4 views

ComfyUI-Impact-Pack 产品安全漏洞

ComfyUI-Impact-Pack is a custom node pack for ComfyUI by the individual developer of Dr.Lt.Data. A security vulnerability exists in ComfyUI-Impact-Pack that stems from a lack of field validation, is susceptible to path traversal attacks, can lead to writing arbitrary files to the file system, and...

9.2CVSS7.1AI score0.00973EPSS
Exploits0References2
Rows per page
Query Builder