4 matches found

RedhatCVE
added 2025/02/05 11:10 a.m., 7 views

CVE-2024-21574

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...

CVSS 10, AI score 7.6, EPSS 0.09343
Exploits 0, References 1
NVD
added 2024/12/12 9:15 a.m., 6 views

CVE-2024-21574

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...

CVSS 10, EPSS 0.09343
Exploits 0, References 2
CVE
added 2024/12/12 8:15 a.m., 782 views

CVE-2024-21574

The CVE-2024-21574 issue affects the ComfyUI-Manager extension for ComfyUI, caused by missing validation of the pip field in a POST to /customnode/install. This permits an attacker to trigger a pip install from a user-controlled package or URL, resulting in Remote Code Execution (RCE) on the serv...

CVSS 10, AI score 7.8, EPSS 0.09343
Exploits 0, References 2
Vulnrichment
added 2024/12/12 8:15 a.m., 5 views

CVE-2024-21574

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...

CVSS 10, AI score 7.7, EPSS 0.09343
Exploits 0, References 2