Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
ComfyUI_AceNodes 安全漏洞
Vulnerability Description
ComfyUI_AceNodes是Kaifeng Xu个人开发者的一个 ComfyUI 的实用程序节点。 ComfyUI_AceNodes存在安全漏洞,该漏洞源于ACE_ExpressionEval节点的入口点函数接受任意用户控制的数据,用户可以创建一个工作流,从而在服务器上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A