CVE-2024-21576

CVSS V2 None CVSS V3 None
Description
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server.
Overview
  • CVE ID
  • CVE-2024-21576
  • Assigner
  • snyk
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-13T11:17:00.945Z
  • Last Modified Date
  • 2024-12-13T11:17:00.945Z
History
Created Old Value New Value Data Type Notes
2024-12-14 14:08:50 Added to TrackCVE