Vulnerability Information
Vulnerability Title
Code Injection in huggingface/text-generation-inference
Vulnerability Description
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is used to dynamically construct a command for installing a software package. An attacker can exploit this by forking the repository, creating a branch with a malicious payload as the name, and then opening a pull request to the base repository. Successful exploitation could lead to arbitrary code execution within the context of the GitHub Actions runner. This issue affects versions up to and including v2.0.0 and was fixed in version 2.0.0.
CVSS Information
N/A
Vulnerability Type
Improper Control of Generation of Code (Code Injection)
Vulnerability Title
Text Generation Inference Security Vulnerability
Vulnerability Description
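Text Generation Inference is a Rust, Python and gRPC server for text generation inference. Text Generation Inference 2.0.0 and earlier versions contain a security vulnerability that stems from insecure handling of user input; this code injection vulnerability may allow an attacker to execute arbitrary code.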
CVSS Information
N/A
Vulnerability Type
N/A
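The pattern in the description above, `github.head_ref` spliced into a command in a workflow file, can be checked for mechanically. This added example (not code from this page or from the project) is a line-based scanner that flags attacker-controllable contexts inside `run:` scripts. The two workflow snippets are constructed for illustration and are not the contents of `autodocs.yml`; the hardened one passes the value through an intermediate environment variable.

```python
import re

# Contexts a pull-request author controls (a subset, chosen for this example).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref"
    r"|github\.event\.pull_request\.(?:title|body|head\.ref))\s*\}\}")
KEY = re.compile(r"^(\s*)(?:-\s+)?([A-Za-z_][\w-]*):\s*(.*)$")

def find_injectable_runs(workflow_text):
    """Return (line_no, context) for untrusted expressions inside run: scripts.
    Line-based scan, not a YAML parser; env:/with: values are data and are skipped."""
    findings = []
    run_indent = None  # column of the `run` key while inside its block scalar
    for no, line in enumerate(workflow_text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if run_indent is not None:
            if line.strip() and indent <= run_indent:
                run_indent = None  # block scalar ended, treat line as a key
            else:
                findings += [(no, e.group(1)) for e in UNTRUSTED.finditer(line)]
                continue
        m = KEY.match(line)
        if m and m.group(2) == "run":
            if m.group(3)[:1] in ("|", ">"):
                run_indent = m.start(2)
            else:  # inline script on the same line as run:
                findings += [(no, e.group(1)) for e in UNTRUSTED.finditer(m.group(3))]
    return findings

# Constructed sample: expression expanded into the script text before the shell runs.
VULNERABLE = """\
steps:
  - name: Install package from PR branch
    run: |
      pip install "git+https://example.invalid/org/repo@${{ github.head_ref }}"
"""

# Constructed sample: value arrives as an environment variable and is quoted.
HARDENED = """\
steps:
  - name: Install package from PR branch
    env:
      HEAD_REF: ${{ github.head_ref }}
    run: |
      pip install "git+https://example.invalid/org/repo@${HEAD_REF}"
"""

if __name__ == "__main__":
    print(find_injectable_runs(VULNERABLE), find_injectable_runs(HARDENED))
```
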