Описание
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafy_baichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load() on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0.
Ссылки
- Patch
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.0 (исключая)
cpe:2.3:a:hiyouga:llama-factory:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00172
Низкий
6.1 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 6.1
github
10 месяцев назад
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
EPSS
Процентиль: 39%
0.00172
Низкий
6.1 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-502