3 matches found
CVE-2024-21575
ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the image.filename field in a POST request sent to the /upload/temp endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some...
CVE-2024-21575
ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the image.filename field in a POST request sent to the /upload/temp endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some...
CVE-2024-21575
CVE-2024-21575 affects ComfyUI-Impact-Pack. Root cause: missing validation of image.filename in the POST /upload/temp endpoint, enabling path traversal and arbitrary file writes on the server. Consequence: under some conditions this can lead to remote code execution (RCE). CVSS vectors indicate h...