ComfyUI Path Traversal Vulnerability in Model Preview Endpoint
Vulnerability
A path traversal vulnerability has been identified in ComfyUI versions through 0.13.0. The issue resides in the 'get_model_preview' function in 'app/model_manager.py', which backs the model preview endpoint. It allows an unauthenticated attacker to read arbitrary image files from the server's filesystem by injecting a URL-encoded absolute path. The contents of the targeted file are returned re-encoded as a WEBP image.
Impact
Exploitation allows arbitrary image files to be read from the server filesystem, including training data, user-generated images, model preview images, and any other image data readable by the server process. Because the response differs depending on whether the requested file exists, the endpoint also acts as a file existence oracle for image files.
Reproduction
To reproduce this vulnerability, ComfyUI version 0.13.0 must be running in the default configuration with no authentication required. First, place a test image outside the models directory, such as in the '/tmp/' directory. Then, exploit the vulnerability by sending a request to the '/experiment/models/preview/checkpoints/0/' endpoint, URL-encoding the path to the test image. The server will respond with the image, re-encoded as a WEBP file.
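The root cause described in the Vulnerability and Reproduction sections is a path built from a user-controlled segment without confining the result to the preview directory: in Python, 'os.path.join' discards every earlier component when a later one is absolute, so a URL-encoded absolute path replaces the base directory entirely, and '..' segments walk out of it. The following added example (not ComfyUI's code; function names, directory names and the allowed-extension list are assumptions) puts the unsafe join beside a hardened version that decodes once, refuses absolute input, resolves the path, and requires the resolved location to stay under the resolved base directory. It assumes the raw, still-encoded path segment is handed in; if the web framework has already decoded it, drop the 'unquote' call rather than decode twice.

```python
"""Confining a user-supplied preview path to a base directory.

Added illustration of the mitigation for the bug class described above; it is
not ComfyUI's code. Function and directory names are assumptions.
"""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Assumed allow-list of preview image types served by the endpoint.
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".webp"}


def naive_preview_path(base_dir: str, requested: str) -> Path:
    """Unsafe pattern: decode, join, trust. If the decoded value is absolute,
    os.path.join drops base_dir; if it contains '..', the result walks out."""
    return Path(os.path.join(base_dir, unquote(requested)))


def safe_preview_path(base_dir: str, requested: str) -> Optional[Path]:
    """Hardened pattern: decode once, resolve, and require the result to stay
    inside the resolved base directory. Returns None when the request is
    rejected, so the caller can answer with a generic 404."""
    base = Path(base_dir).resolve()
    decoded = unquote(requested)
    # An absolute path can never be a legitimate name relative to the
    # preview directory, so reject it before joining.
    if os.path.isabs(decoded):
        return None
    target = (base / decoded).resolve()
    # resolve() follows symlinks and collapses '..', so the containment check
    # is made on the real filesystem location rather than on the string.
    try:
        target.relative_to(base)
    except ValueError:
        return None
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        return None
    return target


def demo() -> dict:
    """Build a throwaway tree (a preview inside the models directory and an
    image outside it) and report which requests each function lets through."""
    root = Path(tempfile.mkdtemp())
    try:
        models = root / "models" / "checkpoints"
        models.mkdir(parents=True)
        (models / "preview.png").write_bytes(b"constructed, not a real PNG")
        outside = root / "secret.png"
        outside.write_bytes(b"constructed, not a real PNG")

        inside_req = "preview.png"
        abs_req = str(outside).replace("/", "%2F")  # URL-encoded absolute path
        dotdot_req = "..%2F..%2Fsecret.png"         # URL-encoded traversal

        return {
            "naive_escapes_abs":
                naive_preview_path(str(models), abs_req).resolve() == outside.resolve(),
            "naive_escapes_dotdot":
                naive_preview_path(str(models), dotdot_req).resolve() == outside.resolve(),
            "safe_allows_inside":
                safe_preview_path(str(models), inside_req) == models.resolve() / "preview.png",
            "safe_blocks_abs": safe_preview_path(str(models), abs_req) is None,
            "safe_blocks_dotdot": safe_preview_path(str(models), dotdot_req) is None,
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Returning None and mapping it to the same 404 the endpoint gives for a missing file also closes the file existence oracle noted under Impact, since a rejected path and a nonexistent preview then produce an identical response.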