Executive Summary
This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-10481 | First vendor Publication | 2025-03-20 |
| Vendor | Cve | Last vendor Modification | 2025-03-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as uploading arbitrary files via the `/upload/image` endpoint. The lack of CSRF protections on API endpoints like `/upload/image`, `/prompt`, and `/history` leaves users vulnerable to unauthorized actions, which could be combined with other vulnerabilities such as stored-XSS to further compromise user sessions. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10481 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2025-03-20 13:20:37 |
|
