ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 13 Dec 2024 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server. | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-12-13T11:17:33.613Z
Updated: 2024-12-23T18:10:54.543Z
Reserved: 2023-12-22T12:33:20.131Z
Link: CVE-2024-21577
Vulnrichment
Updated: 2024-12-23T18:10:51.247Z
NVD
Status : Received
Published: 2024-12-13T12:15:19.910
Modified: 2024-12-13T12:15:19.910
Link: CVE-2024-21577
Redhat
No data.