| عنوان | thu-pacman chitu <0.1.0 Deserialization |
|---|
| الوصف | chitu is a high-performance inference framework for large language models (LLM). A vulnerability has been identified within its codebase regarding the use of the torch.load function. In the model loading process of Chitu, the torch.load function is repeatedly utilized to load checkpoint files without specifying the weights_only=True parameter. This oversight allows the function to deserialize the entire content of the checkpoint file, including any malicious Python objects and code that might be embedded.
More details: https://github.com/thu-pacman/chitu/issues/32 |
|---|
| المصدر | ⚠️ https://github.com/thu-pacman/chitu/issues/32 |
|---|
| المستخدم | ybdesire (UID 83239) |
|---|
| ارسال | 25/03/2025 10:47 AM (1 سنة منذ) |
|---|
| الاعتدال | 03/04/2025 09:17 AM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 303111 [thu-pacman chitu 0.1.0 chitu/chitu/backend.py torch.load ckpt_path/quant_ckpt_dir تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|