| Title | XU-YIJIE grpo-flat 0.0 Deserialization |
|---|---|
| Description | A high-risk vulnerability exists in the `grpo-flat` project when `torch.load` is used to restore training state. In `grpo_vanilla.py` (lines L212C1 - L222C1), the code attempts to resume training from a "training_state.pt" file in the `model_name_or_path` directory using `torch.load` without setting `weights_only=True`. When the file comes from an untrusted source or location and contains malicious pickle data, this results in deserialization of untrusted data. Because Python's pickle format can embed arbitrary code execution during deserialization, an attacker can craft a malicious "training_state.pt" file; once `torch.load` is called, the attacker's code executes, potentially leading to unauthorized access to system resources, data theft, or system compromise. All versions of the affected code are impacted. More details: https://github.com/XU-YIJIE/grpo-flat/issues/3 |
| Source | ⚠️ https://github.com/XU-YIJIE/grpo-flat/issues/3 |
| User | ybdesire (UID 83239) |
| Submitted | 2025-05-04 13:51 (12 months ago) |
| Moderation | 2025-05-15 10:02 (11 days later) |
| Status | Accepted |
| VulDB Entry | 309042 [XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856 grpo_vanilla.py main privilege escalation] |
| Points | 20 |
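The mechanism behind the description, as an added self-contained Python example (not code from the grpo-flat project): a pickle stream can name any importable callable and the unpickler will call it, whereas an allowlisting unpickler, which is what `torch.load(..., weights_only=True)` provides, refuses to resolve the name and never reaches the call. Plain `pickle` is used instead of torch so the example runs without a GPU stack; `side_effect`, `CallOnLoad`, `RestrictedUnpickler` and the two sample state dicts are constructed for this demonstration.

```python
import collections
import io
import pickle

# Record of side effects triggered during unpickling (constructed for the demo).
CALLS = []


def side_effect(tag):
    """Benign stand-in for whatever callable a tampered pickle names."""
    CALLS.append(tag)
    return tag


class CallOnLoad:
    """Object whose pickled form makes the unpickler call side_effect().

    pickle's reduce protocol stores (callable, args); the loader resolves the
    callable by module and name and invokes it, which is the root cause the
    advisory describes.
    """

    def __reduce__(self):
        return (side_effect, ("executed during unpickling",))


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    Same posture as torch.load(path, weights_only=True): plain containers,
    numbers and strings need no global lookup, a few known-safe classes are
    allowed explicitly, and every other name is refused before it is called.
    """

    ALLOWED = {
        ("collections", "OrderedDict"),
        ("builtins", "set"),
        ("builtins", "frozenset"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from untrusted data")


def load_unsafe(data: bytes):
    """Behaviour of torch.load(path) without weights_only: full pickle."""
    return pickle.loads(data)


def load_safe(data: bytes):
    """Behaviour of the weights_only=True posture: allowlisted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def make_benign_state() -> bytes:
    """Constructed stand-in for a legitimate training_state.pt payload."""
    state = collections.OrderedDict(step=100, lr=1e-3, losses=[0.52, 0.41, 0.37])
    return pickle.dumps(state)


def make_hostile_state() -> bytes:
    """Constructed stand-in for a tampered training_state.pt payload."""
    state = {"step": 100, "optimizer": CallOnLoad()}
    return pickle.dumps(state)


def demo():
    """Return (benign_ok, hostile_rejected, calls_after_safe, calls_after_unsafe)."""
    CALLS.clear()
    benign = load_safe(make_benign_state())
    benign_ok = benign["step"] == 100
    try:
        load_safe(make_hostile_state())
        hostile_rejected = False
    except pickle.UnpicklingError:
        hostile_rejected = True
    calls_after_safe = len(CALLS)      # the restricted loader ran nothing
    load_unsafe(make_hostile_state())  # the plain loader does run side_effect
    return benign_ok, hostile_rejected, calls_after_safe, len(CALLS)


if __name__ == "__main__":
    print(demo())
```

In the project's own code the fix is the one the description names, `torch.load(path, weights_only=True)`, which since PyTorch 2.6 is the default; the check to add on top of it is that `model_name_or_path` only ever points at a location the training job itself wrote, since an allowlist protects the loader but not the decision to load a file an outside party can place there.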