← Volver a CVEs
CVE-2024-12882
N/ADescripcion
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado3/20/2025
Ultima modificacion8/1/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
comfy:comfyui
Debilidades (CWE)
CWE-918
Referencias
https://huntr.com/bounties/e8768cb1-6a80-40c1-9cdf-bcd21f01f85a(security@huntr.dev)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.