Create ComfyUI_follow_symlinks_File_Read_Vulnerability_(CVE-2024-23334).md

ComfyUI_follow_symlinks_File_Read_Vulnerability_(CVE-2024-23334).md

@@ -0,0 +1,12 @@
+## 	ComfyUI follow_symlinks File Read Vulnerability (CVE-2024-23334)
+
+|   **Vulnerability**  | 	ComfyUI follow_symlinks File Read Vulnerability (CVE-2024-23334)  |
+| :----:   | :-----|
+|  **Chinese name**  | ComfyUI follow_symlinks 文件读取漏洞（CVE-2024-23334） |
+| **CVSS core**  | 7.5 |
+| **FOFA Query**  (click to view the results directly)| [app="ComfyUI"](https://en.fofa.info/result?qbase64=dGl0bGU9IkNvbWZ5VUki)|
+| **Number of assets affected**  | 1564 |
+| **Description**  | 	ComfyUI is a powerful, modular stable diffusion GUI, API, and backend. It provides a graphical/node interface for designing and managing stable diffusion pipelines.ComfyUI uses a low version of aiohttp as a web server and configures static routes with the follow_symlinks option enabled, leading to an arbitrary file read vulnerability. The vulnerability allows an attacker to read leaked source code, database configuration files, etc., resulting in a highly insecure web site. |
+| **Impact** | ComfyUI uses a lower version of the aiohttp component as the web server and configures static routing with the follow_symlinks option enabled, resulting in an arbitrary file reading vulnerability. Attackers can use this vulnerability to read leaked source code, database configuration files, etc., causing the website to be in an extremely unsafe state. |
+
+![](https://s3.bmp.ovh/imgs/2024/03/01/2b4bae4fd8ab1926.gif).