Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
NVIDIA Megatron-LM 代码注入漏洞
Vulnerability Description
NVIDIA Megatron-LM是美国英伟达(NVIDIA)公司的一个基于PyTorch 的分布式训练框架,专门用于训练大型Transformer语言模型。 NVIDIA Megatron-LM存在代码注入漏洞,该漏洞源于tasks/orqa/unsupervised/nq.py组件存在代码注入漏洞,可能导致执行任意代码、权限提升、信息泄露和数据篡改。
CVSS Information
N/A
Vulnerability Type
N/A