Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --run_config parameter, arbitrary code can be executed during deserialization. This can lead to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing the execution of arbitrary Python commands such as os.system(). It is recommended to upgrade PyYAML to version 5.4 or higher, and to use yaml.safe_load() to mitigate the issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SWIFT 安全漏洞
Vulnerability Description
SWIFT是ModelScope开源的一个大模型与多模态大模型微调部署框架。 SWIFT 3.3.0版本存在安全漏洞,该漏洞源于PyYAML库中yaml.load()不安全反序列化,可能导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A