ComfyUI Class Pollution Vulnerability Leading to Denial-of-Service

Vulnerability

A class pollution vulnerability has been identified in ComfyUI version 0.3.40. The issue arises in the 'set_attr' function within 'comfy/utils.py', where the application improperly controls the modification of object attributes. This vulnerability can be exploited remotely, although it requires a high level of complexity and user interaction. The exploitation involves loading a malicious ControlLora model that contains harmful state dictionary key-value pairs, which can then be used to alter internal class attributes in the Python runtime. Such modifications can disrupt the normal operation of the application, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes all model-related operations to crash, disrupting the application's functionality.

Reproduction

The vulnerability can be reproduced by downloading a malicious ControlLora model that includes a polluted state dictionary. This model can be loaded into ComfyUI via the ControlNet loader. Once the model is loaded, the 'set_attr' function is triggered, allowing the pollution to overwrite the '__getattribute__' method of 'torch.nn.Module' classes with an uncallable value, such as 'torch.rand(1)'. Because '__getattribute__' mediates every attribute lookup on a Python object, replacing it with a non-callable value causes an error on every subsequent attribute access of any module instance.
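A toy dotted-path attribute setter of the kind described above, next to a hardened variant that only writes to attributes the model itself declares, as an added example that is not ComfyUI's or PyTorch's code; the Module, Linear and Net classes and the sample keys are constructed stand-ins for torch.nn.Module and state-dict keys.

```python
# Added example, not ComfyUI's or PyTorch's code: a toy dotted-path attribute
# setter of the kind described above, beside a hardened variant that only writes
# to attributes the model itself declares. Module/Linear/Net and the sample keys
# are constructed stand-ins for torch.nn.Module and state-dict keys.

class Module:
    """Minimal stand-in for torch.nn.Module."""

    def named_attrs(self, prefix=""):
        """Yield dotted names of declared values, like named_parameters()."""
        for name, val in vars(self).items():
            if isinstance(val, Module):
                yield from val.named_attrs(f"{prefix}{name}.")
            else:
                yield f"{prefix}{name}"

class Linear(Module):
    def __init__(self):
        self.weight = [1.0, 2.0]

class Net(Module):
    def __init__(self):
        self.layer = Linear()

def set_attr_unsafe(obj, attr, value):
    """Follows every component with getattr and never checks where it lands,
    so the key alone decides which object (even a class) gets written."""
    *path, last = attr.split(".")
    for name in path:
        obj = getattr(obj, name)
    prev = getattr(obj, last, None)
    setattr(obj, last, value)
    return prev

def set_attr_safe(model, attr, value):
    """Hardened: key must be one the model declares (allowlist); as defence in
    depth, no component may be private/dunder and the walk stays on Modules."""
    if attr not in set(model.named_attrs()):
        raise ValueError(f"undeclared key: {attr!r}")
    *path, last = attr.split(".")
    if any(part.startswith("_") for part in path + [last]):
        raise ValueError(f"private attribute in key: {attr!r}")
    obj = model
    for name in path:
        obj = getattr(obj, name)
        if not isinstance(obj, Module):
            raise ValueError(f"key leaves the module tree: {attr!r}")
    prev = getattr(obj, last)
    setattr(obj, last, value)
    return prev
```

The allowlist check alone closes the hole; the two structural checks remain useful when the declared-key set is computed elsewhere and may be stale.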

Added: Jun 16, 2025, 5:16 AM
Updated: Jun 16, 2025, 5:16 AM