26 matches found
vLLM 代码问题漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in versions of vLLM prior to v0.7.0 that stems from arbitrary code execution during unpickling when torch.load loads malicious pickle data...
Deserialization Of Untrusted Data
MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper deserialization of untrusted pickle data in the finetune method within byomhandler.py, which allows the execution of arbitrary code on the server during the 'finetune' process...
PYSEC-2024-23
Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...
GHSA-9FQ2-X9R6-WFMF Numpy Deserialization of Untrusted Data
DISPUTED An issue was discovered in NumPy 1.16.2 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
PYSEC-2018-64
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
UBUNTU-CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...