Eric-C

**Name of the Vulnerable Software and Affected Versions** ComfyUI versions prior to 0.13.0 **Description** A path traversal issue exists in the Model Preview Endpoint within the `get model preview()` function of the `app/model manager.py` file. This flaw allows a remote attacker to manipulate file paths to access unauthorized directories. **Recommendations** Update to a version later than 0.13.0. As a temporary workaround, restrict access to the `get model preview()` function until a patch is applied.

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

**Name of the Vulnerable Software and Affected Versions** ComfyUI versions prior to 0.13.0 **Description** A flaw in the View Endpoint component within the `server.py` file allows for remote cross site scripting. Cross site scripting is a type of security gap where malicious scripts are injected into otherwise trusted websites. **Recommendations** Update to a version later than 0.13.0. As a temporary workaround, restrict access to the View Endpoint component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ComfyUI versions prior to 0.13.1 **Description** A cross-site request forgery issue exists in the `create origin only middleware()` function within the server.py file. This flaw allows a remote attacker to initiate unauthorized requests by manipulating the application. **Recommendations** Update to a version later than 0.13.0. As a temporary workaround, consider restricting access to the `create origin only middleware()` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ComfyUI versions prior to 0.13.0 **Description** A path traversal flaw exists in the LoadImage Node component within the `folder paths.get annotated filepath()` function of the `folder paths.py` file. This issue occurs due to improper manipulation of the `Name` argument, allowing for remote exploitation. **Recommendations** Update to a version later than 0.13.0. As a temporary workaround, restrict access to the `folder paths.get annotated filepath()` function until the update is applied.

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A flaw exists in the Terminal.run command function within the metagpt/tools/libs/terminal.py library. This allows for os command injection, potentially enabling remote exploitation. The exploit has been publicly disclosed. Recommendations Apply the patch d04ffc8dc67903e8b327f78ec121df5e190ffc7b.

**Name of the Vulnerable Software and Affected Versions** FoundationAgents MetaGPT versions prior to 0.8.2 **Description** A flaw in the XML Handler component allows remote attackers to cause improper neutralization of directives in dynamically evaluated code. This issue occurs within the `ActionNode.xml fill()` function located in the `metagpt/actions/action node.py` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `ActionNode.xml fill()` function.