| Título | ComfyUI v0.3.40 Improperly Controlled Modification of Object Prototype Attribute |
|---|
| Descripción | ComfyUI is vulnerable to python class pollution vulnerability. When a malicious controlLora model, containing the dotted pollution path in its state dict, is loaded via the controlNet loader, ComfyUI unconditionally patch model parameters based on the polluted key and their value, which can be abused leading to arbitrary internal state modification, thus achieving DoS attack. |
|---|
| Fuente | ⚠️ https://gist.github.com/superboy-zjc/f71b84ed074260a5e459581caa2f1fb2 |
|---|
| Usuario | Gavin Zhong (UID 84092) |
|---|
| Sumisión | 2025-06-05 21:12 (hace 1 Año) |
|---|
| Moderación | 2025-06-15 11:47 (10 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 312576 [comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr denegación de servicio] |
|---|
| Puntos | 19 |
|---|