5 matches found
CVE-2024-21574
The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...
CVE-2024-21574
creationtimestamp| type| source ---|---|--- 2024-12-12 08:21:22+00:00| seen| https://infosec.exchange/users/cve/statuses/113638878905265900 2024-12-12 11:19:22+00:00| seen| https://t.me/cvedetector/12755...
CVE-2024-21574
The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...
CVE-2024-21574
The CVE-2024-21574 issue affects the ComfyUI-Manager extension for ComfyUI, caused by missing validation of the pip field in a POST to /customnode/install. This permits an attacker to trigger a pip install from a user-controlled package or URL, resulting in Remote Code Execution (RCE) on the serv...
CVE-2024-21574
The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or...