漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GAIR-NLP factool tool.py run_single code injection
Vulnerability Description
A vulnerability was found in GAIR-NLP factool up to 3f3914bc090b644be044b7e0005113c135d8b20f. It has been classified as critical. This affects the function run_single of the file factool/factool/math/tool.py. The manipulation leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
factool 注入漏洞
Vulnerability Description
factool是GAIR开源的一个工具增强框架,用于检测大型语言模型(例如 ChatGPT)生成的文本中的事实错误。 factool存在注入漏洞,该漏洞源于文件factool/factool/math/tool.py中函数run_single存在代码注入漏洞。
CVSS Information
N/A
Vulnerability Type
N/A