| Title | comfyui comfy_mtb v0.1.4 Code Injection |
|---|---|
| Description | The vulnerability exists because the comfy_mtb plugin allows remote installation of dependencies. An attacker can create a malicious PyPI package and upload it to a local or PyPI repository, then remotely trigger the dependency installation through an API call, resulting in remote code execution. |
| Source | https://github.com/melMass/comfy_mtb/issues/224 |
| User | Anonymous User |
| Submission | 12/25/2024 05:57 (1 Year ago) |
| Moderation | 12/25/2024 19:17 (13 hours later) |
| Status | Accepted |
| VulDB entry | 289315 [melMass comfy_mtb up to 0.1.4 Dependency comfy_mtb/endpoint.py run_command code injection] |
| Points | 18 |