{"id":6894,"date":"2025-06-16T01:29:53","date_gmt":"2025-06-16T01:29:53","guid":{"rendered":"http:\/\/localhost\/?p=6894"},"modified":"2025-06-16T01:29:53","modified_gmt":"2025-06-16T01:29:53","slug":"comfyanonymous-comfyui-utilspy-setattr-dynamically-determined-object-attributes","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6894","title":{"rendered":"comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\ncomfyanonymous comfyui utils.py set_attr dynamically-determined object attributes<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-16T05:00:10.834Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\ncomfyanonymous<\/td>\n<\/tr>\n
Product<\/th>\ncomfyui<\/td>\n<\/tr>\n
Version<\/th>\n0.3.40<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n2.3 (LOW)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:H\/AT:N\/PR:N\/UI:P\/VC:N\/VI:N\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA vulnerability in comfyui 0.3.40 allows remote attackers to manipulate dynamically-determined object attributes via the set_attr function in utils.py. The attack is complex and difficult to exploit, but the exploit has been publicly disclosed and may be used. The vendor did not respond to early disclosure.<\/td>\n<\/tr>\n
AI Severity<\/th>\nLow<\/td>\n<\/tr>\n
Vendor<\/th>\ncomfyanonymous<\/td>\n<\/tr>\n
Product<\/th>\ncomfyui<\/td>\n<\/tr>\n
Affected Version<\/th>\n0.3.40<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n