Comfy-Org/ComfyUI_frontend
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI_frontend.git synced 2026-02-09 17:40:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix path traversal vulnerability in fetchJobDetail

Browse Source 
Encode promptId with encodeURIComponent when building the URL to prevent
path traversal or routing issues with non-UUID values.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Richard Yu
2025-12-05 14:00:33 -08:00
parent d22566702b
commit 0855b85b4f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/platform/remote/comfyui/jobs/fetchers/fetchJobs.ts
View File

@@ -131,7 +131,7 @@ export async function fetchJobDetail(
promptId: PromptId
): Promise<JobDetail | undefined> {
try {
const res = await fetchApi(`/jobs/${promptId}`)
const res = await fetchApi(`/jobs/${encodeURIComponent(promptId)}`)
if (!res.ok) {
console.warn(`Job not found for prompt ${promptId}`)