Описание
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitIssue TrackingVendor Advisory
- ExploitIssue TrackingVendor Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.7.1 (включая)
cpe:2.3:a:internlm:lmdeploy:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00128
Низкий
5.3 Medium
CVSS3
7.8 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20
CWE-502
Связанные уязвимости
EPSS
Процентиль: 32%
0.00128
Низкий
5.3 Medium
CVSS3
7.8 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20
CWE-502