CVE-2024-21574 | ltdrdata ComfyUI-Manager up to 2.51.0 POST Request /customnode/install pip code injection

Posted by Angelo Barbosa | Dec 12, 2024 | CVE

A vulnerability, which was classified as very critical, was found in ltdrdata ComfyUI-Manager up to 2.51.0. This affects an unknown part of the file /customnode/install of the component POST Request Handler. The manipulation of the argument pip leads to code injection.

This vulnerability is uniquely identified as CVE-2024-21574. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-21574 | ltdrdata ComfyUI-Manager up to 2.51.0 POST Request /customnode/install pip code injection

Related Posts

CVE-2023-35749 | D-Link DAP-2622 stack-based overflow (ZDI-23-1254)

CVE-2024-4204 | Bulk Posts Editing Plugin up to 4.2.3 on WordPress cross-site request forgery

CVE-2024-25386 | laurelbridge DICOM Connectivity Framework up to 2.7.6a format_logfile.pl path traversal

CVE-2024-53676 | HPE Insight Remote Support prior 7.14.0.629 path traversal