Unknown · Comfyui-Bmad-Nodes · CVE-2024-21576
**Name of the Vulnerable Software and Affected Versions**
ComfyUI-Bmad-Nodes (affected versions not specified)
**Description**
The vulnerability is a code injection risk caused by a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour, and FindContour custom nodes. It can be triggered by generating a workflow that injects a crafted string into the node, resulting in the execution of arbitrary code on the server. The entry-point function of each node contains a call to `eval`, which can be exploited.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.