Submission #791112: comfyanonymous ComfyUI <= 0.13.0 (commit 6648ab68) Path Traversal (CWE-22) Information

Title: comfyanonymous ComfyUI <= 0.13.0 (commit 6648ab68) Path Traversal (CWE-22)
Description:

# Technical Details

A Path Traversal vulnerability exists in the `get_annotated_filepath` function in `folder_paths.py` of ComfyUI. The `POST /prompt` API accepts `../` sequences in the LoadImage node's `image` input field. These are passed to `os.path.join(base_dir, name)` without path containment checks in `folder_paths.get_annotated_filepath()`. The combo list validation (which should restrict filenames to the input directory) is bypassed because LoadImage defines `VALIDATE_INPUTS` with `image` as a parameter, causing execution.py to skip the combo check.

# Vulnerable Code

File: folder_paths.py (lines 259-268)
Method: get_annotated_filepath
Why: `os.path.join("/comfyui/input", "../../../etc/shadow_image")` resolves to `/etc/shadow_image`. The protected `get_full_path()` uses `os.path.relpath()` for containment, but `get_annotated_filepath()` has no such check. The `VALIDATE_INPUTS` in nodes.py only checks file existence, not path confinement.

# Reproduction

1. Submit a crafted workflow via POST /prompt with path traversal in the LoadImage image field: `{"image": "../../../tmp/secret.png", "upload": "image"}`
2. File existence oracle: HTTP 200 (file exists) vs HTTP 400 (file not found).
3. Chain with PreviewImage → /view to exfiltrate the image content.

# Impact

- File existence oracle: Probe existence of SSH keys, config files, database paths via HTTP status codes.
- Image file exfiltration: Read any image from anywhere on the server filesystem by chaining LoadImage → PreviewImage → /view.
- Affects multiple nodes: LoadImage, LoadImageMask, LoadImageOutput, LoadLatent, LoadAudio, LoadVideo, Load3D, Load3DAnimation.
- No authentication required.
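The containment check the description says `get_annotated_filepath()` lacks, as an added example that is not ComfyUI's own code: a hypothetical `unsafe_resolve()` mirrors the bare `os.path.join(base_dir, name)` pattern, and `safe_resolve()` is the hardened form that resolves the joined path and rejects anything that leaves the base directory, the same kind of containment the description attributes to `get_full_path()`. `BASE_DIR` is a constructed stand-in for the input directory.

```python
import os
import tempfile

# Constructed stand-in for ComfyUI's input directory (not the real layout).
BASE_DIR = os.path.join(tempfile.gettempdir(), "comfyui_input_example")


def unsafe_resolve(base_dir: str, name: str) -> str:
    """The pattern the advisory describes: join with no containment check.
    A name such as '../../../etc/shadow_image' silently escapes base_dir,
    and an absolute name replaces base_dir entirely."""
    return os.path.join(base_dir, name)


def safe_resolve(base_dir: str, name: str) -> str:
    """Hardened form: normalise '..' and symlinks with realpath, then require
    the result to remain under base_dir. Raises ValueError on escape."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath equals base only when candidate is base or lies beneath it;
    # this is equivalent to checking that relpath() does not start with '..'.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes input directory: {name!r}")
    return candidate


def is_contained(base_dir: str, name: str) -> bool:
    """True if name resolves inside base_dir under the hardened check."""
    try:
        safe_resolve(base_dir, name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names: two legitimate, two escaping.
    for n in ["cat.png", "sub/dog.png", "../../../tmp/secret.png", "/etc/shadow_image"]:
        print(f"{n!r:28} unsafe -> {unsafe_resolve(BASE_DIR, n)}")
        print(f"{'':28} contained = {is_contained(BASE_DIR, n)}")
```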
Source: https://gist.github.com/YLChen-007/1e6db39703626dc5c1a2505426754333
User: Eric-c (UID 96848)
Submitted: 2026-03-27 13:31 (25 days ago)
Moderated: 2026-04-19 11:44 (23 days later)
Status: Accepted
VulDB Entry: 358226 [ComfyUI up to 0.13.0 LoadImage Node folder_paths.py folder_paths.get_annotated_filepath name path traversal]
Points: 20
