CVE-2024-12882
📋 TL;DR
ComfyUI v0.2.4 has a Server-Side Request Forgery (SSRF) vulnerability: by chaining two REST API endpoints, an attacker who can reach the API can make the server issue HTTP requests to attacker-chosen URLs and read back the responses. Because the requests originate from the server, they reach internal systems, cloud metadata services, and other resources that trust the server's network position or credentials. Anyone running ComfyUI v0.2.4 with these APIs reachable by untrusted clients is affected.
💻 Affected Systems
- comfyanonymous/comfyui
📦 What is this software?
ComfyUI (comfyanonymous/comfyui, maintained by Comfy Org): a node-graph web interface and Python backend for running Stable Diffusion and other image-generation pipelines, normally deployed as a single web service listening on port 8188.
⚠️ Risk & Real-World Impact
Worst Case
Attackers access cloud metadata services (like AWS IMDS), internal APIs, or sensitive internal systems, potentially leading to full cloud account compromise or internal network breach.
Likely Case
Attackers scan internal networks, access internal web applications, or exfiltrate data from services the server can reach.
If Mitigated
With network segmentation and egress filtering in place, the server can only reach the external destinations you explicitly allow, so the flaw yields little beyond what the attacker could fetch directly.
🎯 Exploit Status
Exploitation requires chaining two API endpoints. ComfyUI ships without built-in authentication, so no credentials or authentication bypass are needed: anyone who can reach the HTTP port can call them.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.2.5 or later
Vendor Advisory: https://huntr.com/bounties/e8768cb1-6a80-40c1-9cdf-bcd21f01f85a
Restart Required: Yes (the running Python process must be restarted to load the patched code)
Instructions:
1. Update ComfyUI to v0.2.5 or later.
2. Run 'git pull' if using a git checkout, or download the latest release.
3. Restart the ComfyUI service.
🔧 Temporary Workarounds
Disable vulnerable APIs
Remove or restrict access to the /internal/models/download and /view endpoints.
Absent a ComfyUI setting that disables individual routes, enforce this at a reverse proxy in front of the server: deny /internal/ outright and restrict /view to trusted clients. The web UI uses /view to display generated images, so blocking it entirely breaks previews.
Network egress filtering
Block outbound HTTP/HTTPS requests from the ComfyUI server to internal networks and cloud metadata services.
Configure host or network firewall rules to deny the ComfyUI server access to internal IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local addresses including the cloud metadata endpoint (169.254.169.254, and fd00:ec2::254 for AWS IMDS over IPv6), and loopback on any port the server does not need. Enforcing this at the network layer also covers redirects and DNS rebinding, which URL checks inside the application can miss.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the ComfyUI server from internal systems and cloud metadata.
- Deploy a web application firewall (WAF) with SSRF protection rules to block requests whose target URLs point at internal or link-local addresses.
- On AWS, require IMDSv2 on the instance: obtaining a session token needs a PUT request, which a GET-based SSRF cannot issue.
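The network-layer controls above stop the request after the application has already decided to make it. The application-level counterpart, for anyone maintaining a server-side "download this URL" feature, is to vet the target before connecting and to repeat that check on every redirect hop. The following is an added example written for this page, not ComfyUI's code or the vendor's fix. The DNS resolver and HTTP client are injected callbacks (the Resolver/HttpGet names are the example's own) so it runs offline against constructed DNS and web fixtures, and its deny list extends the firewall ranges listed above with the other non-routable blocks.

```python
"""SSRF-resistant fetch: check the target before every connection, including
redirects. Added example, not ComfyUI code. Resolver and HTTP client are
injected; pinned_ip marks where a real client must connect so a second DNS
answer cannot differ from the one that was checked."""
import ipaddress
import socket
from typing import Callable, Iterable, Tuple
from urllib.parse import urljoin, urlsplit

Resolver = Callable[[str], Iterable[str]]                 # host -> IP strings
HttpGet = Callable[[str, str], Tuple[int, dict, bytes]]   # (url, pinned_ip) -> (status, headers, body)

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3
# Cloud metadata names; their IPs are also caught by DENY_NETS.
METADATA_HOSTS = {"169.254.169.254", "fd00:ec2::254", "metadata.google.internal"}
# Firewall ranges from the workaround above plus the other non-routable blocks.
DENY_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


class SSRFBlocked(Exception):
    """Raised before any connection is made to a disallowed target."""


def ip_is_internal(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                 # ::ffff:10.0.0.5 is still 10.0.0.5
    return any(ip in net for net in DENY_NETS)


def check_target(url: str, resolve: Resolver) -> str:
    """Validate one hop and return the IP the client must connect to."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise SSRFBlocked("missing host")
    if parts.username or parts.password:
        raise SSRFBlocked("credentials in URL")
    host = parts.hostname.lower()
    if host in METADATA_HOSTS:
        raise SSRFBlocked(f"metadata service: {host}")
    addrs = list(resolve(host))
    if not addrs:
        raise SSRFBlocked(f"unresolvable host: {host}")
    # Every answer must pass: a split answer (one public, one private) is a
    # classic DNS-rebinding setup.
    for addr in addrs:
        if ip_is_internal(addr):
            raise SSRFBlocked(f"{host} resolves to internal address {addr}")
    return addrs[0]


def system_resolver(host: str) -> Iterable[str]:
    """Real resolver: all A/AAAA answers; IP literals pass straight through."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def safe_fetch(url: str, http_get: HttpGet, resolve: Resolver = system_resolver) -> bytes:
    """Fetch url, checking the initial target and every redirect target."""
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        pinned_ip = check_target(current, resolve)
        status, headers, body = http_get(current, pinned_ip)
        if status in (301, 302, 303, 307, 308):
            location = headers.get("Location")
            if not location:
                raise SSRFBlocked("redirect without Location")
            current = urljoin(current, location)   # re-checked on the next loop
            continue
        return body
    raise SSRFBlocked("too many redirects")


# --- Constructed offline fixtures (no real hosts are contacted) ---------------
FAKE_DNS = {
    "models.example": ["203.0.113.10"],               # stands in for a public host
    "mirror.example": ["203.0.113.20", "10.0.0.5"],   # split answer: rebinding attempt
}
FAKE_WEB = {
    "http://models.example/model.safetensors": (200, {}, b"weights"),
    # Public host redirecting into the metadata service: the hop a
    # check-only-the-first-URL validator misses.
    "http://models.example/redirect": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
}


def fake_resolver(host: str) -> Iterable[str]:
    try:
        return [str(ipaddress.ip_address(host))]      # IP literal
    except ValueError:
        return FAKE_DNS.get(host, [])


def fake_http_get(url: str, pinned_ip: str) -> Tuple[int, dict, bytes]:
    return FAKE_WEB.get(url, (404, {}, b""))


def outcome(url: str) -> str:
    """Run safe_fetch against the fixtures: 'ok' or the reason it was blocked."""
    try:
        safe_fetch(url, fake_http_get, fake_resolver)
        return "ok"
    except SSRFBlocked as e:
        return f"blocked: {e}"


if __name__ == "__main__":
    for u in ("http://models.example/model.safetensors", "http://models.example/redirect",
              "http://mirror.example/m.bin", "http://127.0.0.1:8188/",   # 8188: ComfyUI's own port
              "http://[::ffff:169.254.169.254]/", "file:///etc/passwd"):
        print(f"{u:48} {outcome(u)}")
```

Only the first URL succeeds; the redirect case is the one worth studying, because the initial target is a legitimate public host and the dangerous address appears only in the Location header. The egress firewall from the workaround above would catch that hop regardless of what the application checks, which is why the two controls belong together.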
🔍 How to Verify
Check if Vulnerable:
You are vulnerable if the server runs ComfyUI v0.2.4 and the /internal/models/download and /view endpoints are reachable by untrusted clients.
Check Version:
Check the version shown in the ComfyUI interface, or run 'git describe --tags' (or 'git log -1') in the install directory; ComfyUI is normally installed from a git checkout rather than as a pip package.
Verify Fix Applied:
Confirm the ComfyUI version is v0.2.5 or later and, in a test environment, confirm that a download request whose target is an internal address (for example 169.254.169.254) is rejected rather than fetched.
📡 Detection & Monitoring
Log Indicators:
- Outbound HTTP requests from the ComfyUI server to internal IPs or cloud metadata endpoints (visible in firewall or flow logs, not in ComfyUI's own logs).
- Requests to /internal/models/download whose target URL points at an internal address, a cloud metadata name, or any host other than the model repositories you expect.
Network Indicators:
- Outbound connections from ComfyUI server to unexpected destinations, especially internal networks.
SIEM Query:
ComfyUI does not log every inbound request by default and never records where its outbound requests went, so combine two sources: a reverse-proxy access log for the inbound API calls and firewall/flow logs for the server's outbound connections (replace <comfyui-host> with the server's address):
(source="proxy.access" AND (url="/internal/models/download*" OR url="/view*"))
OR (source="firewall" AND src_ip="<comfyui-host>" AND dst_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.169.254))
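The query above needs the request path and the outbound destination in one record, which no single ComfyUI log provides. The following added example (not ComfyUI or vendor code) runs the two-source approach over constructed sample data: a reverse-proxy access log in nginx combined format for the inbound API calls, and egress flow records for the server's outbound connections, correlated by time. The ComfyUI host address, the 'url' query-parameter name and every log line are assumptions of the example.

```python
"""Detection for the SSRF chain over two constructed log sources.
Added example, not ComfyUI or vendor code."""
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

COMFYUI_HOST = "10.20.0.15"                 # assumed address of the ComfyUI server
WATCHED_PATHS = ("/internal/models/download", "/view")
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "fd00:ec2::254"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918, as in the firewall rule
    "169.254.0.0/16", "127.0.0.0/8",                    # link-local (cloud IMDS) and loopback
    "fc00::/7", "fe80::/10", "::1/128",
)]
CORRELATION_WINDOW = timedelta(seconds=60)

# nginx "combined" format: client - user [time] "METHOD target PROTO" status ...
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def is_internal(host: str) -> bool:
    """True for a known metadata name or an IP literal inside INTERNAL_NETS."""
    if host.lower() in METADATA_HOSTS:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False            # hostnames would need resolution; out of scope for log review
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip in net for net in INTERNAL_NETS)


def parse_access_line(line: str):
    m = ACCESS_RE.match(line)
    if not m:
        return None
    client, ts, method, target, status = m.groups()
    parts = urlsplit(target)
    return {"time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), "client": client,
            "method": method, "path": parts.path, "query": parse_qs(parts.query),
            "status": int(status)}


def request_alerts(access_log: str):
    """Rule 1: watched-endpoint calls whose 'url' parameter (assumed name) targets
    an internal address."""
    alerts = []
    for line in access_log.splitlines():
        req = parse_access_line(line)
        if not req or req["path"] not in WATCHED_PATHS:
            continue
        for fetch_url in req["query"].get("url", []):
            host = urlsplit(fetch_url).hostname or ""
            if is_internal(host):
                alerts.append({"rule": "ssrf_request", "time": req["time"],
                               "client": req["client"], "target": host})
    return alerts


def egress_alerts(flows):
    """Rule 2: the ComfyUI host itself connecting to internal/metadata addresses."""
    return [{"rule": "internal_egress", "time": t, "dst": dst, "dport": dport}
            for t, src, dst, dport in flows if src == COMFYUI_HOST and is_internal(dst)]


def detect(access_log: str, flows):
    """Rules 1 and 2, plus a correlation: a flagged request followed within
    CORRELATION_WINDOW by internal egress is near-certain exploitation."""
    reqs, egress = request_alerts(access_log), egress_alerts(flows)
    confirmed = [{"rule": "ssrf_confirmed", "time": r["time"], "client": r["client"],
                  "requested": r["target"], "connected_to": e["dst"]}
                 for r in reqs for e in egress
                 if timedelta(0) <= e["time"] - r["time"] <= CORRELATION_WINDOW]
    return reqs + egress + confirmed


# --- Constructed sample data (not from a real incident) -----------------------
ACCESS_LOG = """\
203.0.113.9 - - [10/Jan/2025:10:00:01 +0000] "GET /internal/models/download?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.9 - - [10/Jan/2025:10:00:03 +0000] "GET /view?filename=meta.bin&type=output HTTP/1.1" 200 2048 "-" "curl/8.5.0"
192.168.1.20 - - [10/Jan/2025:10:01:00 +0000] "GET /view?filename=ComfyUI_00001_.png&type=output HTTP/1.1" 200 91234 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:02:10 +0000] "GET /internal/models/download?url=https%3A%2F%2Fhuggingface.co%2Fsome%2Fmodel.safetensors HTTP/1.1" 200 512 "-" "curl/8.5.0"
"""
FLOWS = [  # (time, src_ip, dst_ip, dst_port) as exported by a firewall or flow collector
    (datetime.fromisoformat("2025-01-10T10:00:01+00:00"), "10.20.0.15", "169.254.169.254", 80),
    (datetime.fromisoformat("2025-01-10T10:02:11+00:00"), "10.20.0.15", "203.0.113.50", 443),
    (datetime.fromisoformat("2025-01-10T10:03:00+00:00"), "10.20.0.99", "10.20.0.1", 53),  # other host
]

if __name__ == "__main__":
    for alert in detect(ACCESS_LOG, FLOWS):
        print(alert)
```

Only the first download request is flagged: the huggingface.co request is a legitimate model fetch and the 203.0.113.50 flow is ordinary outbound traffic. The metadata request and the matching egress flow land one second apart, so the correlation rule fires; a request alert with no matching egress would instead suggest the attempt was blocked by egress filtering.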