icon

We found results for “

CVE-2024-21575

Date: December 12, 2024

ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the "image.filename" field in a POST request sent to the "/upload/temp" endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE).

Language: Python

Severity Score

Severity Score

Weakness Type (CWE)

Path Traversal: '.../...//'

CWE-35

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us