ltdrdata/ComfyUI-Impact-Pack

Releases90

Frequency5 days 10 hours

Last Release 7 months ago

Stars3.15K

Custom nodes pack for ComfyUI This custom node helps to conveniently enhance images through Detector, Detailer, Upscaler, Pipe, and more.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-21575 ↗	Dec 12, 2024Thursday, 12 December 2024, 15:15	8.6 HIGH	—
ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE).