Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GAIR-NLP factool tool.py run_single code injection
Vulnerability Description
A vulnerability was found in GAIR-NLP factool up to 3f3914bc090b644be044b7e0005113c135d8b20f. It has been classified as critical. This affects the function run_single of the file factool/factool/math/tool.py. The manipulation leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
factool 注入漏洞
Vulnerability Description
factool是GAIR开源的一个工具增强框架,用于检测大型语言模型(例如 ChatGPT)生成的文本中的事实错误。 factool存在注入漏洞,该漏洞源于文件factool/factool/math/tool.py中函数run_single存在代码注入漏洞。
CVSS Information
N/A
Vulnerability Type
N/A