13 matches found

OSSF Malicious Packages
added 2026/05/22 8:57 a.m., 5 views

Malicious code in gt-tester-exp-profiler-exp-00000017 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1490f970bd52c80c89f33029f9e875f1fb595014621d50e0ce87a167d1cd348 setup.py installs a site-wide .pth file gttesterexpprofilerexp00000017probe.pth into site-packages that imports the package's probe module and calls...

5.9 AI score
Exploits 0, References 1
RedhatCVE
added 2026/04/07 5:7 p.m., 2 views

CVE-2026-34940

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash ...

8.8 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits 3, References 1
Snyk
added 2026/04/06 5:49 p.m., 2 views

Regular Expression without Anchors

Overview Affected versions of this package are vulnerable to Regular Expression without Anchors in the parseModelURL function in Ollama Engine startup probe that allows shell metacharacters like ;, |, $, and backticks. An attacker can execute arbitrary operating system commands by supplying a...

9.4 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits 3, References 3
OSV
added 2026/04/06 5:49 p.m., 1 views

GO-2026-4920 KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai

KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai...

8.8 CVSS, 6.2 AI score, 0.00016 EPSS
Exploits 3, References 1
NVD
added 2026/04/06 4:16 p.m., 1 views

CVE-2026-34940

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash ...

8.8 CVSS, 0.00016 EPSS
Exploits 3, References 1
Cvelist
added 2026/04/06 3:49 p.m., 25 views

CVE-2026-34940 KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash ...

8.7 CVSS, 0.00016 EPSS
Exploits 3, References 1
CVE
added 2026/04/06 3:49 p.m., 8 views

CVE-2026-34940

KubeAI has an OS Command Injection vulnerability in the Ollama Engine startup probe. Before version 0.23.2, the ollamaStartupProbeScript() constructs a shell command via fmt.Sprintf using unsanitized model URL components (ref, modelParam) and runs it with bash -c as a Kubernetes startup probe. An ...

8.8 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits 3, References 1, Affected Software 1
EUVD
added 2026/04/06 3:49 p.m., 1 views

EUVD-2026-19355

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash ...

6.1 AI score, 0.00016 EPSS
Exploits 3, References 1
Vulnrichment
added 2026/04/06 3:49 p.m., 0 views

CVE-2026-34940 KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash ...

8.7 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits 3, References 1
CNNVD
added 2026/04/06 12:0 a.m., 2 views

KubeAI OS Command Injection Vulnerability

KubeAI is an open-source AI inference platform for deploying and scaling machine learning models on Kubernetes. Versions of KubeAI prior to 0.23.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of uncleaned model URL components by...

8.8 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits 3, References 2
OSV
added 2026/04/01 11:22 p.m., 0 views

GHSA-324Q-CWX9-7CRR KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

CHAMP: Description Summary The ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash -c as a Kubernetes startup probe. An...

8.7 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits 3, References 3
Github Security Blog
added 2026/04/01 11:22 p.m., 3 views

KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

CHAMP: Description Summary The ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash -c as a Kubernetes startup probe. An...

8.8 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits 3, References 3, Affected Software 1
Positive Technologies
added 2026/04/01 12:0 a.m., 1 views

PT-2026-29827

CHAMP: Description Summary The ollamaStartupProbeScript function in internal/modelcontroller/engine ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash -c as a Kubernetes startup probe. An...

8.7 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits 3, References 4