Homepage

comfyui-manager@4.0.3 vulnerabilities

ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI.

  • latest version

    4.0.5

  • latest non vulnerable version

    4.0.5

  • first published

    9 months ago

  • latest version published

    12 days ago

  • licenses detected

  • View comfyui-manager package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the comfyui-manager package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    CRLF Injection

    comfyui-manager is a ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI.

    Affected versions of this package are vulnerable to CRLF Injection via the write_config function. An attacker can alter configuration settings by injecting special characters into HTTP query parameters, which are then written to the configuration file.

    Note: This is only exploitable if the application is run with the --listen option enabled, allowing remote access.

    How to fix CRLF Injection?

    Upgrade comfyui-manager to version 4.0.5 or higher.

    [,4.0.5)
    Go back to all versions of this package