← Back to CVEs
CVE-2024-12882
N/ADescription
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
CVE Details
CVSS v3.1 ScoreN/A
Published3/20/2025
Last Modified8/1/2025
Sourcenvd
Honeypot Sightings0
Affected Products
comfy:comfyui
Weaknesses (CWE)
CWE-918
References
https://huntr.com/bounties/e8768cb1-6a80-40c1-9cdf-bcd21f01f85a(security@huntr.dev)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.