Safety vulnerability ID: 74226
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A critical remote OS command injection vulnerability exists in Llama Factory due to improper handling of user input. The insecure use of the `Popen` function with `shell=True` and unsanitized input allows attackers to execute arbitrary OS commands, potentially compromising data, escalating privileges, or deploying malware. Immediate remediation is to avoid `shell=True` in `Popen` and to pass commands as lists, which prevents malicious command execution and mitigates the risk of data breaches and system disruption.
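The pattern described above and its remediation, side by side, as an added example that is not Llama Factory's code: the helper names, the child script and the sample value are hypothetical, and a benign `echo` marker stands in for untrusted input. It assumes a POSIX `/bin/sh`.

```python
import shlex
import subprocess
import sys

# Stand-in for the launched tool (hypothetical): prints how many arguments
# it received and the first one, so the effect of shell parsing is visible.
CHILD = "import sys; print(len(sys.argv) - 1, repr(sys.argv[1]))"

# Constructed sample input: ';' is a shell command separator.
SAMPLE = "checkpoint-1; echo INJECTED"


def _stdout_lines(proc):
    """Wait for the process and return its stdout as a list of lines."""
    out, _ = proc.communicate()
    return out.splitlines()


def run_unsafe(user_value):
    """Vulnerable pattern: the value is pasted into a string parsed by /bin/sh."""
    # The fixed parts are quoted; user_value is not, so ';', '|', '&&',
    # '$(...)' and backticks inside it are interpreted as shell syntax.
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)} {user_value}"
    proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, text=True)
    return _stdout_lines(proc)


def run_safe(user_value):
    """Remediated pattern: argument list, no shell."""
    # Each list element becomes exactly one argv entry of the child, so the
    # whole value arrives as a single literal string and nothing parses it.
    argv = [sys.executable, "-c", CHILD, user_value]
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, text=True)
    return _stdout_lines(proc)


if __name__ == "__main__":
    print("shell=True :", run_unsafe(SAMPLE))  # second command runs
    print("list argv  :", run_safe(SAMPLE))    # value stays one argument
```

With `shell=True` the output contains a second line produced by the marker command; with the list form the child receives the full string, separator included, as one argument.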
Latest version: 0.9.1
Easy-to-use LLM fine-tuning framework