← Retour aux CVEs
CVE-2024-12882
N/ADescription
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
Details CVE
Score CVSS v3.1N/A
Publie3/20/2025
Derniere modification8/1/2025
Sourcenvd
Observations honeypot0
Produits affectes
comfy:comfyui
Faiblesses (CWE)
CWE-918
References
https://huntr.com/bounties/e8768cb1-6a80-40c1-9cdf-bcd21f01f85a(security@huntr.dev)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.