jllama-py (>=1.0.0 <=1.1.14) potentially affected by CVE-2025-53002 via llamafactory (=0.9.3)
llamafactory PyPI version =0.9.3 is affected by a known vulnerability. The following packages have a transitive dependency on llamafactory and may be impacted:
- jllama-py =1.0.0, =1.1.14
Source cves: CVE-2025-53002
Source advisory: SNYK:PYTHON-LLAMAFACTORY-12671321...
jllama-py (>=1.0.0 <=1.1.14) potentially affected by CVE-2025-53002 via llamafactory (=0.9.3)
llamafactory PyPI version =0.9.3 is affected by a known vulnerability. The following packages have a transitive dependency on llamafactory and may be impacted:
- jllama-py =1.0.0, =1.1.14
Source cves: CVE-2025-53002
Source advisory: OSV:GHSA-XJ56-P8MM-QMXJ...
Command Injection
Overview: llamafactory is an easy-to-use LLM fine-tuning framework. Affected versions of this package are vulnerable to Command Injection due to insecure usage of the Popen function with shell=True, coupled with unsanitized user input. An attacker can execute arbitrary commands on the operating system,...