CVE-2024-21577

CVSS V2 None CVSS V3 None
Description
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.
Overview
  • CVE ID
  • CVE-2024-21577
  • Assigner
  • snyk
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-13T11:17:33.613Z
  • Last Modified Date
  • 2024-12-13T11:17:33.613Z
History
Created Old Value New Value Data Type Notes
2024-12-14 14:08:52 Added to TrackCVE