Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
NVIDIA NeMo Framework 注入漏洞
Vulnerability Description
NVIDIA Nemo Framework是美国英伟达(NVIDIA)公司的一款用于构建和部署生成式 AI 模型的框架。 NVIDIA NeMo Framework存在代码注入漏洞,该漏洞源于retrieval services组件中恶意数据可能导致代码注入,进而导致代码执行、权限提升、信息泄露和数据篡改。
CVSS Information
N/A
Vulnerability Type
N/A