5 matches found
EUVD-2024-44465
Malicious code in bioql PyPI...
CVE-2024-34359
llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUM...
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
A critical security flaw has been disclosed in the llama-cpp-python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If...
CVE-2024-34359
creationtimestamp | type | source
---|---|---
2024-05-17 08:03:06+00:00 | published-proof-of-concept | https://t.me/HackingInsights/582
2024-05-17 15:53:40+00:00 | seen | https://t.me/informationsecuritychannel/52213
2024-05-21 13:16:03+00:00 | seen | https://t.me/KomunitiSiber/1975
2024-05-21...
akasha-terminal (>=0.8.0 <=0.8.23), coconut-ai (>=0.2.0 <=1.0.0) +7 more potentially affected by CVE-2024-34359 via llama-cpp-python (>=0.2.32 <=0.2.67)
llama-cpp-python PYPI version =0.2.32, =0.8.0, =0.2.0, =0.1.5, =0.0.1, =0.2.2, =0.0.7, =1.8.1.dev11, =0.0.20, =0.0.26 Source cves: CVE-2024-34359 Source advisory: OSV:GHSA-56XG-WFCC-G829...