Remote OS Command Injection in LLama Factory from Hiyouga
CVE-2024-52803

Currently unrated

Key Information:

Vendor: Hiyouga
CVE Published: 21 November 2024

What is CVE-2024-52803?

A vulnerability has been discovered in the LLama Factory training process, where improper handling of user input can lead to remote OS command injection. The root cause is that the training launcher calls Popen with shell=True on a command string assembled from unsanitized user input, so shell metacharacters in that input are interpreted by the shell. As a result, attackers can execute arbitrary commands on the host system. It is critical for users to upgrade to version 0.9.1 or later to prevent potential exploitation.
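To make the pattern concrete, the following is an added example (not LLama Factory's own code) that puts the vulnerable Popen(shell=True) call beside the hardened argv-list form and adds the input validation the advisory says was missing. It assumes a stand-in command (`echo`) in place of the real training entry point and a constructed untrusted value; the `INJECTED` marker only shows whether the shell interpreted the metacharacters.

```python
import re
import subprocess
from typing import List

# Constructed untrusted value standing in for a user-supplied model path
# (not taken from the advisory). It carries shell metacharacters so the
# behaviour of the two invocation styles can be compared.
UNTRUSTED_MODEL_PATH = "models/base; echo INJECTED"

# Allow-list for model paths: plain path characters, no metacharacters,
# no parent-directory components. Assumed policy, not the project's own.
SAFE_PATH = re.compile(r"[A-Za-z0-9_./-]+")


def is_valid_model_path(model_path: str) -> bool:
    """Return True only if the path is safe to hand to a subprocess."""
    if not SAFE_PATH.fullmatch(model_path):
        return False
    return ".." not in model_path.split("/")


def run_unsafe(model_path: str) -> str:
    """Pattern described in CVE-2024-52803: one command string built from
    untrusted input and executed with shell=True. The shell parses the
    string, so the trailing 'echo INJECTED' runs as a second command.
    'echo' stands in for the real training script (assumption)."""
    cmd = f"echo {model_path}"
    proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, text=True)
    out, _ = proc.communicate()
    return out


def run_safe(model_path: str) -> str:
    """Hardened form: an argv list with shell=False (the default). Each
    element reaches the child as one literal argument; no shell is involved,
    so the metacharacters stay inert text inside the path argument."""
    argv: List[str] = ["echo", model_path]
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, text=True)
    out, _ = proc.communicate()
    return out


def is_injected(output: str) -> bool:
    """Detection helper: True when the marker appears as its own output line,
    i.e. the shell executed the injected second command."""
    return "INJECTED" in output.splitlines()
```

A fixed launcher should combine both defences: reject values that fail `is_valid_model_path` and still never pass user data through a shell string.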

Timeline

  • Vulnerability published