漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization
Vulnerability Description
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
lmdeploy 安全漏洞
Vulnerability Description
lmdeploy是InternLM开源的一个用于压缩、部署和服务 LLM 的工具包。 lmdeploy 0.7.1及之前版本存在安全漏洞,该漏洞源于PT文件处理组件存在反序列化问题。
CVSS Information
N/A
Vulnerability Type
N/A