Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. The entrypoint function of each node contains a call to eval, which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
Improper Control of Generation of Code (Code Injection)
Vulnerability Title
ComfyUI Bmad Nodes Security Vulnerability
Vulnerability Description
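ComfyUI Bmad Nodes is a set of utility nodes for ComfyUI by the individual developer bmad4ever. ComfyUI Bmad Nodes contains a security vulnerability that stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes and may lead to arbitrary code execution on the server.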
CVSS Information
N/A
Vulnerability Type
N/A