Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
Autolabel 安全漏洞
Vulnerability Description
Autolabel是refuel-ai开源的一个 Python 库。用于使用任何大型语言模型 (LLM) 来标记、清理和丰富文本数据集。 Autolabel 0.0.8及之前版本存在安全漏洞,该漏洞源于存在任意代码执行漏洞,如果用户使用包含Python代码的恶意制作的CSV文件创建分类任务,则该代码将传递给执行该任务的eval函数。
CVSS Information
N/A
Vulnerability Type
N/A