Описание
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:comfy:comfyui:0.2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00128
Низкий
7.5 High
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 7.5
github
11 месяцев назад
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
EPSS
Процентиль: 33%
0.00128
Низкий
7.5 High
CVSS3
Дефекты
CWE-918