44 matches found
CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability
LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...
CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability
LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...
CVE-2024-52803
CVE-2024-52803 affects LLama Factory, where the training process is vulnerable to a remote OS command injection due to insecure use of Popen with shell=True and unsanitized user input. The issue allows an attacker to execute arbitrary OS commands on the host, with impact described as high for con...
LLaMA-Factory 操作系统命令注入漏洞
LLaMA-Factory is a fine-tuned large-scale language model by a Chinese hoshi-hiyouga individual developer. A cross-site scripting vulnerability exists in LLaMA-Factory version 0.9.0 and earlier, which stems from improper handling of user input and allows malicious actors to execute arbitrary...