4 matches found
PYSEC-2026-393 Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
Arbitrary Code Execution
llama-hub is vulnerable to Arbitrary Code Execution. The vulnerability is due to missing safeload configuration during YAML parsing. An attackers can execute arbitrary code by exploiting this vulnerability...
docsrag (>=0.1.0 <=0.1.6) potentially affected by CVE-2024-23730 via llama-hub (=0.0.25)
llama-hub PYPI version =0.0.25 is affected by a known vulnerability. The following packages have a transitive dependency on llama-hub and may be impacted: - docsrag =0.1.0, =0.1.6 Source cves: CVE-2024-23730 Source advisory: OSV:GHSA-297X-2QF3-JRJ3...
Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...