Security Advisory

CVE-2024-21575

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-12 14:14:29

Last updated 2024-12-12 14:27:59

Assigner snyk

State PUBLISHED

Description

ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE).

← Browse all CVEs View on cve.org ↗