CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

GHSA-297X-2QF3-JRJ3 Unsafe yaml deserialization in llama-hub

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

Design/Logic Flaw

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

CVE-2024-23730

Affected software: LlamaHub (aka llama-hub) prior to version 0.0.67. Vulnerability: OpenAPI and ChatGPT plugin loaders parse YAML without using safe_load, enabling arbitrary code execution. Root cause: unsafe YAML deserialization. Impact (as stated): arbitrary code execution by an attacker. Affec...

LlamaHub Security Breach

LlamaHub is an open source repository full of data loaders from the LlamaHub community. A security vulnerability exists in LlamaHub versions prior to 0.0.67. An attacker can execute arbitrary code by exploiting the vulnerability...