Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in Calculate Function in parisneo/lollms
Vulnerability Description
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's `eval()` function to evaluate mathematical expressions within a Python sandbox that disables `__builtins__` and only allows functions from the `math` module. This sandbox can be bypassed by loading the `os` module using the `_frozen_importlib.BuiltinImporter` class, allowing an attacker to execute arbitrary commands on the server. The issue is fixed in version 9.10.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
LoLLMs 代码注入漏洞
Vulnerability Description
LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言与多模态系统。 LoLLMs 9.8版本存在代码注入漏洞,该漏洞源于Calculate函数使用eval函数,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A