Security Advisory

CVE-2024-21577

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-13 11:17:33

Last updated 2024-12-23 18:10:54

Assigner snyk

State PUBLISHED

Description

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.

← Browse all CVEs View on cve.org ↗