| Title | ComfyUI v0.3.40 Improperly Controlled Modification of Object Prototype Attribute |
|---|---|
| Description | ComfyUI is vulnerable to Python class pollution. When a malicious controlLora model, containing the dotted pollution path in its state dict, is loaded via the controlNet loader, ComfyUI unconditionally patches model parameters based on the polluted keys and their values, which can be abused to achieve arbitrary internal state modification and thus a DoS attack. |
| Source | https://gist.github.com/superboy-zjc/f71b84ed074260a5e459581caa2f1fb2 |
| User | Gavin Zhong (UID 84092) |
| Submission | 05/06/2025 09:12 PM (1 year ago) |
| Moderation | 15/06/2025 11:47 AM (10 days later) |
| Status | Accepted |
| VulDB Entry | 312576 [comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr denial of service] |
| Points | 19 |