3 matches found
PYSEC-2026-393 Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
PT-2024-20040
Name of the Vulnerable Software and Affected Versions LlamaHub aka llama-hub versions prior to 0.0.67 Description The OpenAPI and ChatGPT plugin loaders in LlamaHub allow attackers to execute arbitrary code because safe load is not used for YAML. This issue enables attackers to execute arbitrary...