← Zuruck zu CVEs
CVE-2024-12882
N/ABeschreibung
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht3/20/2025
Zuletzt geandert8/1/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
comfy:comfyui
Schwachen (CWE)
CWE-918
Referenzen
https://huntr.com/bounties/e8768cb1-6a80-40c1-9cdf-bcd21f01f85a(security@huntr.dev)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.