Submission #791112: comfyanonymous ComfyUI <= 0.13.0 (commit 6648ab68) Path Traversal (CWE-22)

Info

Title: comfyanonymous ComfyUI <= 0.13.0 (commit 6648ab68) Path Traversal (CWE-22)
Description:

# Technical Details

A Path Traversal vulnerability exists in the `get_annotated_filepath` function in `folder_paths.py` of ComfyUI. The `POST /prompt` API accepts `../` sequences in the LoadImage node's `image` input field. These are passed to `os.path.join(base_dir, name)` without path containment checks in `folder_paths.get_annotated_filepath()`. The combo list validation (which should restrict filenames to the input directory) is bypassed because LoadImage defines `VALIDATE_INPUTS` with `image` as a parameter, causing execution.py to skip the combo check.

# Vulnerable Code

File: folder_paths.py (lines 259-268)
Method: get_annotated_filepath
Why: `os.path.join("/comfyui/input", "../../../etc/shadow_image")` resolves to `/etc/shadow_image`. The protected `get_full_path()` uses `os.path.relpath()` for containment, but `get_annotated_filepath()` has no such check. The `VALIDATE_INPUTS` in nodes.py only checks file existence, not path confinement.

# Reproduction

1. Submit a crafted workflow via POST /prompt with path traversal in the LoadImage image field:

   ```json
   {"image": "../../../tmp/secret.png", "upload": "image"}
   ```

2. File existence oracle: HTTP 200 (file exists) vs HTTP 400 (file not found).
3. Chain with PreviewImage → /view to exfiltrate the image content.

# Impact

- File existence oracle: Probe existence of SSH keys, config files, database paths via HTTP status codes.
- Image file exfiltration: Read any image from anywhere on the server filesystem by chaining LoadImage → PreviewImage → /view.
- Affects multiple nodes: LoadImage, LoadImageMask, LoadImageOutput, LoadLatent, LoadAudio, LoadVideo, Load3D, Load3DAnimation.
- No authentication required.
Source: https://gist.github.com/YLChen-007/1e6db39703626dc5c1a2505426754333
User: Eric-c (UID 96848)
Submitted: 27/03/2026 13:31 (24 days ago)
Moderated: 19/04/2026 11:44 (23 days later)
Status: accepted
VulDB Entry: 358226 [ComfyUI up to 0.13.0 LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal]
Points: 20
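As an added illustration (not ComfyUI's own code; the function names are hypothetical), the unchecked `os.path.join(base_dir, name)` pattern the description attributes to `get_annotated_filepath()` is shown beside a containment check modelled on the `os.path.relpath()` approach it credits to `get_full_path()`, exercised with the description's own `../../../tmp/secret.png` input and a constructed absolute-path variant:

```python
# Added example, not ComfyUI code. Function names are hypothetical; the
# base directory and file names below are constructed sample values.
import os


def annotated_filepath_unchecked(base_dir: str, name: str) -> str:
    """Vulnerable pattern: join and normalise, never confining to base_dir.

    A name containing '../' walks out of base_dir, and an absolute name makes
    os.path.join discard base_dir entirely.
    """
    return os.path.normpath(os.path.join(base_dir, name))


def is_contained(base_dir: str, candidate: str) -> bool:
    """Return True only if candidate resolves inside base_dir.

    realpath() resolves symlinks and '..' components first, so the check is
    made on the final location rather than on the raw string. After that,
    any escape shows up as relpath() starting with a '..' component.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(candidate)
    rel = os.path.relpath(target, base)
    return rel != os.pardir and not rel.startswith(os.pardir + os.sep)


def annotated_filepath_checked(base_dir: str, name: str):
    """Hardened variant: return the path only when it stays under base_dir,
    otherwise None so the caller can reject the request."""
    candidate = os.path.join(base_dir, name)
    if not is_contained(base_dir, candidate):
        return None
    return os.path.normpath(candidate)


if __name__ == "__main__":
    base = "/comfyui/input"  # constructed base directory
    for name in ("cat.png", "../../../tmp/secret.png", "/etc/shadow_image"):
        print(f"{name!r:>28}  unchecked={annotated_filepath_unchecked(base, name)!r}"
              f"  checked={annotated_filepath_checked(base, name)!r}")
```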