VYPR
Vendor

ComfyUI Manager

Products
1
CVEs
1
Across products
1
Status
Private

Products

1

Recent CVEs

1
  • CVE-2024-21574CriDec 12, 2024
    risk 0.58cvss 10.0epss 0.01

    The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user…