OS Command Injection

github.com/kubeai-project/kubeai is vulnerable to OS Command Injection. The vulnerability is due to the ollamaStartupProbeScript function constructing a shell command with unsanitized model URL components ref and modelParam and executing it via bash -c, which allows an attacker with permission to...

KubeAI 操作系统命令注入漏洞

KubeAI is an open-source AI inference platform for deploying and scaling machine learning models on Kubernetes. Versions of KubeAI prior to 0.23.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of uncleaned model URL components by...