Security Advisory

CVE-2024-21576

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-13 11:17:00

Last updated 2024-12-23 18:11:35

Assigner snyk

State PUBLISHED

Description

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server.

← Browse all CVEs View on cve.org ↗