5 matches found
vLLM 安全漏洞
vLLM is an open-source solution designed for LLM-based models, featuring high throughput and memory-efficient reasoning and service engines. Versions of vLLM prior to 0.7.0 to 0.19.0 contained security vulnerabilities. These vulnerabilities stemmed from the VideoMediaIO.loadbase64 method not...
CVE-2024-41950
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...
CVE-2024-41950 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...
CVE-2024-41950
CVE-2024-41950 affects Haystack, an open‑source end‑to‑end LLM framework. The vulnerability arises from components that render Jinja2 templates on the client side, enabling remote code execution if a user creates and renders a malicious template within a Pipeline. Multiple connected sources (incl...
CVE-2024-41950 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...