| शीर्षक | LazyAGI LazyLLM latest Remote Code Execution |
|---|
| विवरण | ### Summary
Remote Code Execution Through Insecure Deserialization.
### Details
The routing processing function `lazyllm_call` has a deserialization vulnerability in the file [lazyllm/components/deploy/relay/server.py](https://github.com/LazyAGI/LazyLLM/blob/main/lazyllm/components/deploy/relay/server.py#L60-L70).
The specific location calls `load_obj->cloudpickle.loads`, which leads to RCE. |
|---|
| स्रोत | ⚠️ https://github.com/LazyAGI/LazyLLM/issues/764 |
|---|
| उपयोगकर्ता | 0x1f (UID 89432) |
|---|
| सबमिशन | 11/09/2025 07:53 PM (8 महीनों पहले) |
|---|
| संयम | 25/09/2025 12:11 PM (14 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 325833 [LazyAGI LazyLLM तक 0.6.1 server.py lazyllm_call अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|