Unrated severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025
SSRF in comfyanonymous/comfyui
CVE-2024-12882
Description
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
Affected products (2)
- Range: = v0.2.4
- comfyanonymous/comfyanonymous/comfyui v5 · Range: unspecified