漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
VITA-MLLM Freeze-Omni utils.py torch.load deserialization
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local host.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Freeze-Omni 代码问题漏洞
Vulnerability Description
Freeze-Omni是VITA-MLLM开源的一种基于Freeze LLM的智能低延迟语音对话模型。 Freeze-Omni 20250421及之前版本存在代码问题漏洞,该漏洞源于对文件models/utils.py中参数path的错误操作导致反序列化。
CVSS Information
N/A
Vulnerability Type
N/A