Soumettre #652936: LazyAGI LazyLLM latest Remote Code Executioninformation

TitreLazyAGI LazyLLM latest Remote Code Execution
Description### Summary Remote Code Execution Through Insecure Deserialization. ### Details The routing processing function `lazyllm_call` has a deserialization vulnerability in the file [lazyllm/components/deploy/relay/server.py](https://github.com/LazyAGI/LazyLLM/blob/main/lazyllm/components/deploy/relay/server.py#L60-L70). The specific location calls `load_obj->cloudpickle.loads`, which leads to RCE.
La source⚠️ https://github.com/LazyAGI/LazyLLM/issues/764
Utilisateur
 0x1f (UID 89432)
Soumission11/09/2025 19:53 (il y a 8 mois)
Modérer25/09/2025 12:11 (14 days later)
StatutAccepté
Entrée VulDB325833 [LazyAGI LazyLLM jusqu’à 0.6.1 server.py lazyllm_call élévation de privilèges]
Points20

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!