Описание
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.7.1 (включая)
cpe:2.3:a:internlm:lmdeploy:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
5.3 Medium
CVSS3
7.8 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-74
CWE-94
Связанные уязвимости
EPSS
Процентиль: 12%
0.00041
Низкий
5.3 Medium
CVSS3
7.8 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-74
CWE-94