3 matches found
CVE-2024-10099
CVE-2024-10099 is a stored XSS in comfyanonymous/comfyui triggered by uploading an HTML image via /api/upload/image and executing when viewed through /view. Affected versions cited include 0.2.2 and possibly earlier; some sources also reference up to 0.3.39, indicating broader impact across multi...
CVE-2024-12882
CVE-2024-12882 affects comfyanonymous/comfyui v0.2.4. The vulnerability is a non-blind SSRF exploitable by combining REST APIs POST /internal/models/download and GET /view, allowing an attacker to abuse the victim server’s credentials to access unauthorized external resources. Multiple connected ...
CVE-2024-10481
CVE-2024-10481 is a CSRF vulnerability in comfyanonymous/comfyui