| Title | ComfyUI v0.3.40 Improperly Controlled Modification of Object Prototype Attribute |
|---|---|
| Description | ComfyUI is vulnerable to a Python class pollution vulnerability. When a malicious controlLora model, containing the dotted pollution path in its state dict, is loaded via the controlNet loader, ComfyUI unconditionally patches model parameters based on the polluted keys and their values, which can be abused, leading to arbitrary internal state modification, thus achieving a DoS attack. |
| Source | ⚠️ https://gist.github.com/superboy-zjc/f71b84ed074260a5e459581caa2f1fb2 |
| User | Gavin Zhong (UID 84092) |
| Submission | 2025-06-05 09:12 PM (1 year ago) |
| Moderation | 2025-06-15 11:47 AM (10 days later) |
| Status | Accepted |
| VulDB entry | 312576 [comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr denial of service] |
| Points | 19 |