← Voltar para CVEs
CVE-2024-12882
N/ADescricao
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/20/2025
Ultima modificacao8/1/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
comfy:comfyui
Fraquezas (CWE)
CWE-918
Referencias
https://huntr.com/bounties/e8768cb1-6a80-40c1-9cdf-bcd21f01f85a(security@huntr.dev)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.