PT-2024-17824 · Comfy Mtb+1
Boy-Hack +1 · Published 2024-12-26 · Updated 2024-12-26 · CVE-2024-12952
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
melMass comfy mtb versions up to 0.1.4
Description
A critical vulnerability was found in the Dependency Handler component, specifically in the run command function of the file comfy mtb/endpoint.py. This vulnerability leads to code injection and can be exploited remotely. The exploit has been disclosed to the public.
Recommendations
For melMass comfy mtb versions up to 0.1.4, apply the patch named d6e004cce2c32f8e48b868e66b89f82da4887dc3 to fix this issue. As a temporary workaround, consider disabling the run command function until the patch is applied. Restrict access to the vulnerable comfy mtb/endpoint.py file to minimize the risk of exploitation.
Exploit
Fix
Special Elements Injection
Code Injection
Affected Products
Comfy Mtb
Melmass