Package Instance

ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
**Vulnerability Type**: CRLF Injection via ConfigParser

An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the `config.ini` file. This can lead to security setting tampering or modification of application behavior.

**Affected Users**: Users running ComfyUI-Manager in environments where ComfyUI is configured with the `--listen` option to allow remote access.

**CVSS Score**: 7.5 (High)