ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
Vulnerability Type: CRLF Injection via ConfigParser

An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior.

Affected Users: Users running ComfyUI-Manager in environments where ComfyUI is configured with the --listen option to allow remote access.

CVSS Score: 7.5 (High)
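The injection class described above, shown as an added example that is not ComfyUI-Manager's own code: Python's configparser writes a carriage return inside a value verbatim, and the text-mode reader later treats it as a line break, so a single request-supplied value comes back as an extra key. The section name, key names, file names and the write_checked validator are assumptions made for illustration.

```python
import configparser
import os
import tempfile

SECTION = "settings"  # hypothetical section name, not taken from the project


def write_unsafe(path, key, value):
    """Pattern at risk: a request-supplied string goes straight into the file."""
    cfg = configparser.ConfigParser()
    cfg.read(path)  # a missing file is silently skipped
    if not cfg.has_section(SECTION):
        cfg.add_section(SECTION)
    cfg.set(SECTION, key, value)
    with open(path, "w") as fh:
        cfg.write(fh)


def write_checked(path, key, value):
    """Hardened form: refuse control characters and line separators first."""
    for field in (key, value):
        if not field.isprintable():
            raise ValueError("control character in configuration field")
    write_unsafe(path, key, value)


def stored_keys(path):
    """Keys the parser sees when the file is read back."""
    cfg = configparser.ConfigParser()
    cfg.read(path)
    return sorted(cfg[SECTION]) if cfg.has_section(SECTION) else []


def demo():
    # Constructed input: one value carrying a carriage return and a second pair.
    tainted = "stable\rinjected_key = 1"
    with tempfile.TemporaryDirectory() as tmp:
        unsafe_path = os.path.join(tmp, "unsafe.ini")
        write_unsafe(unsafe_path, "channel", tainted)
        unsafe_result = stored_keys(unsafe_path)

        safe_path = os.path.join(tmp, "safe.ini")
        try:
            write_checked(safe_path, "channel", tainted)
            rejected = False
        except ValueError:
            rejected = True
        write_checked(safe_path, "channel", "stable")
        return unsafe_result, rejected, stored_keys(safe_path)
```

Comparing the key set before and after a write, as stored_keys does here, also works as a regression check for any handler that persists request parameters to an INI file.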