D0N9

**Name of the Vulnerable Software and Affected Versions** ComfyUI-Manager versions prior to 3.39.2 ComfyUI-Manager versions prior to 4.0.5 **Description** ComfyUI-Manager, an extension for ComfyUI, is susceptible to arbitrary configuration injection. An attacker can inject special characters into HTTP query parameters, allowing them to add arbitrary configuration values to the `config.ini` file. This can result in security setting tampering or modification of application behavior. **Recommendations** Update ComfyUI-Manager to version 3.39.2 or later. Update ComfyUI-Manager to version 4.0.5 or later.