exploitDog

CVE-2024-21577

Опубликовано: 13 дек. 2024

Источник: nvd

CVSS3: 10

EPSS Низкий

Описание

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.

Ссылки

https://github.com/hay86/ComfyUI_AceNodes/blob/5ba01db8a3b7afb8e4aecfaa48823ddeb132bbbb/nodes.py#L1193

EPSS

Процентиль: 43%

0.00209

Низкий

10 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-rjx4-8gxj-w5gj

CVSS3: 10

github

около 1 года назад

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.

EPSS

Процентиль: 43%

0.00209

Низкий

10 Critical

CVSS3

Дефекты

CWE-94