| Title | ComfyUI v0.3.40 Improperly Controlled Modification of Object Prototype Attribute |
|---|---|
| Description | ComfyUI is vulnerable to Python class pollution. When a malicious controlLora model containing a dotted pollution path in its state dict is loaded via the controlNet loader, ComfyUI unconditionally patches model parameters based on the polluted keys and their values. This can be abused to modify arbitrary internal state and thereby cause a denial of service. |
| Source | https://gist.github.com/superboy-zjc/f71b84ed074260a5e459581caa2f1fb2 |
| User | Gavin Zhong (UID 84092) |
| Submission | 05/06/2025 21:12 (1 year ago) |
| Moderation | 15/06/2025 11:47 (10 days later) |
| Status | Accepted |
| VulDB entry | 312576 [comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr denial of service] |
| Points | 19 |
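
One way to close the gap the description names (state-dict keys used as attribute paths without validation) is to accept only keys that already exist as data attributes on the model and to reject the whole file otherwise. This is an added example, not ComfyUI's code or its fix; `ToyLayer`, `ToyModel`, `known_paths`, `safe_set_attr`, `apply_state_dict` and all key names are constructed for illustration, with plain Python objects standing in for model modules.

```python
class ToyLayer:
    def __init__(self):
        self.weight = [0.0, 0.0]
        self.bias = [0.0]


class ToyModel:
    def __init__(self):
        self.down = ToyLayer()
        self.up = ToyLayer()


def known_paths(obj, prefix=""):
    """Dotted paths to instance data attributes only (read through vars())."""
    paths = set()
    for name, value in vars(obj).items():
        if hasattr(value, "__dict__"):      # nested module-like object
            paths |= known_paths(value, prefix + name + ".")
        else:                               # leaf parameter
            paths.add(prefix + name)
    return paths


def safe_set_attr(root, key, value, allowed):
    """Set one parameter; the key must be an exact, pre-enumerated path."""
    if key not in allowed:
        raise KeyError(f"rejected state-dict key: {key!r}")
    *parents, leaf = key.split(".")
    obj = root
    for name in parents:
        # vars() never resolves class attributes or dunders such as __class__,
        # so the walk cannot leave the model's own instance data.
        obj = vars(obj)[name]
    previous = vars(obj)[leaf]
    vars(obj)[leaf] = value
    return previous


def apply_state_dict(model, state_dict):
    """Fail closed: one unknown key rejects the whole file before any write."""
    allowed = known_paths(model)
    rejected = sorted(k for k in state_dict if k not in allowed)
    if rejected:
        raise ValueError(f"untrusted keys in state dict: {rejected}")
    for key, value in state_dict.items():
        safe_set_attr(model, key, value, allowed)
    return sorted(state_dict)
```

Validating every key before the first write matters here: a file that mixes legitimate parameters with one unexpected path leaves the model untouched.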