Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LightLLM <= 1.1.0 PD Mode Unsafe Deserialization RCE
Vulnerability Description
LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads() without authentication or validation. A remote attacker who can reach the PD master can send a crafted payload to achieve arbitrary code execution.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
LightLLM 代码问题漏洞
Vulnerability Description
LightLLM是ModelTC开源的一个大语言模型推理和服务框架。 LightLLM 1.1.0及之前版本存在代码问题漏洞,该漏洞源于PD主节点暴露的WebSocket端点未经身份验证或验证,可能导致未经身份验证的远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A