CVE-2024-12952 | melMass comfy_mtb up to 0.1.4 Dependency comfy_mtb/endpoint.py run_command code injection

Posted by Angelo Barbosa | Dec 25, 2024 | CVE

A vulnerability classified as critical was found in melMass comfy_mtb up to 0.1.4. Affected by this vulnerability is the function run_command of the file comfy_mtb/endpoint.py of the component Dependency Handler. The manipulation leads to code injection.

This vulnerability is known as CVE-2024-12952. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-12952 | melMass comfy_mtb up to 0.1.4 Dependency comfy_mtb/endpoint.py run_command code injection

Related Posts

CVE-2024-33424 | CMSimple 5.15 Settings Menu Downloads cross site scripting

CVE-2024-41597 | ProcessWire 3.0.229 Comments cross-site request forgery

CVE-2024-22808 | Tormach xsTECH CNC Router 2.9.6 Name denial of service

CVE-2023-6618 | SourceCodester Simple Student Attendance System 1.0 index.php page file inclusion