Описание
LMDeploy Improper Input Validation Vulnerability
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Пакеты
lmdeploy
<= 0.7.1
Отсутствует
EPSS
4.8 Medium
CVSS4
5.3 Medium
CVSS3
CVE ID
Дефекты
Связанные уязвимости
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
EPSS
4.8 Medium
CVSS4
5.3 Medium
CVSS3