7 matches found
EUVD-2024-19225
Malicious code in bioql PyPI...
CVE-2024-21576
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...
CVE-2024-21576
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...
CVE-2024-21576
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...
CVE-2024-21576
CVE-2024-21576 affects ComfyUI-Bmad-Nodes, where a validation bypass in BuildColorRangeHSVAdvanced, FilterContour, and FindContour nodes allows an entrypoint to call eval, enabling an attacker to inject crafted workflow data and execute arbitrary code on the server. The issue is evidenced by mult...
ComfyUI Bmad Nodes security vulnerability
ComfyUI Bmad Nodes is a utility node for ComfyUI by the individual developer bmad4ever. A security vulnerability exists in ComfyUI Bmad Nodes that stems from an authentication bypass in the BuildColorRangeHSVAdvanced, FilterContour, and FindContour custom nodes, which could lead to the execution ...
CVE-2024-21574
The issue stems from missing validation of the pip field in a POST request sent to the /customnode/install endpoint, which the extension adds to the server and which is used to install custom nodes. This allows an attacker to craft a request that triggers a pip install on a user-controlled package or...