| عنوان | Bytedance verl <=0.7.0 Arbitrary Code Execution |
|---|
| الوصف | verl is an open-sou large model reinfoment learning training framework by ByteDance (20k+ Stars), supporting algorithms such as PPO and GRPO. In its math answer scoring module prime_math/grader.py, the math_equal() function is used to compare whether the model-generated answer is equivalent to the ground truth answer.
When the ground truth answer is a matrix type (containing \begin{pmatrix}) and the model's output answer starts with [ and ends with ], the code directly calls Python's built-in eval() function on the model output without any input sanitization or sandbox isolation.
An attacker can use Indirect Prompt Injection (injecting malicious instructions into the training dataset) to induce the LLM to output a string containing malicious Python code when answering matrix-type math problems. This string is extracted by match_answer(), passed into math_equal(), and ultimately executed by eval(), achieving arbitrary code execution (ACE). |
|---|
| المصدر | ⚠️ https://github.com/zast-ai/vulnerability-reports/blob/main/bytedance/verl_rce.md |
|---|
| المستخدم | ZAST.AI (UID 87884) |
|---|
| ارسال | 02/04/2026 07:08 AM (21 أيام منذ) |
|---|
| الاعتدال | 22/04/2026 08:23 PM (21 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 359040 [ByteDance verl حتى 0.7.0 prime_math/grader.py math_equal تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|