VYPR

ComfyUI-Manager

by ComfyUI Manager

CVEs (1)

  • CVE-2024-21574CriDec 12, 2024
    risk 0.58cvss 10.0epss 0.01

    The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user…