Описание
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
A flaw was found in ModelScope, Red Hat AI Inference Server, and Red Hat OpenShift AI. This command injection vulnerability allows a remote attacker to execute arbitrary operating system commands. The exploitation occurs through crafted prompt-derived input, leading to arbitrary code execution on the affected system.
Отчет
This MODERATE impact command injection vulnerability affects Red Hat AI Inference Server and Red Hat OpenShift AI (RHOAI) through the ModelScope ms-agent component. An attacker can execute arbitrary operating system commands by providing specially crafted input derived from prompts.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat AI Inference Server | rhaiis-preview/vllm-cuda-rhel9 | Fix deferred | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-agent-rhel9 | Fix deferred | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-controller-rhel9 | Fix deferred | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-router-rhel9 | Fix deferred | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-storage-initializer-rhel9 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
EPSS
6.5 Medium
CVSS3