9 matches found
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
GHSA-297X-2QF3-JRJ3 Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
Design/Logic Flaw
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
LlamaHub Security Breach
LlamaHub is an open source repository full of data loaders from the LlamaHub community. A security vulnerability exists in LlamaHub versions prior to 0.0.67. An attacker can execute arbitrary code by exploiting the vulnerability...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
CVE-2024-23730
Affected software: LlamaHub (aka llama-hub) prior to version 0.0.67. Vulnerability: OpenAPI and ChatGPT plugin loaders parse YAML without using safe_load, enabling arbitrary code execution. Root cause: unsafe YAML deserialization. Impact (as stated): arbitrary code execution by an attacker. Affec...