| 제목 | XU-YIJIE grpo-flat 0.0 Deserialization |
|---|
| 설명 | A high - risk vulnerability exists in the `grpo-flat` project when using `torch.load` for training state restoration. In the `grpo_vanilla.py` file (lines L212C1 - L222C1), the code attempts to resume training from a "training_state.pt" file in the `model_name_or_path` directory using `torch.load` without setting `weights_only=True`. When loading untrusted data (e.g., from an external source or an untrusted location), if the file contains malicious pickle data, it can trigger the deserialization of untrusted data. As Python's pickle format can embed arbitrary code execution during deserialization, an attacker can create a malicious "training_state.pt" file. Once the `torch.load` function is called, the attacker's code will execute, potentially leading to unauthorized access to system resources, data theft, or system compromise. All versions of the affected code are impacted.
More details: https://github.com/XU-YIJIE/grpo-flat/issues/3 |
|---|
| 원천 | ⚠️ https://github.com/XU-YIJIE/grpo-flat/issues/3 |
|---|
| 사용자 | ybdesire (UID 83239) |
|---|
| 제출 | 2025. 05. 04. PM 01:51 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 05. 15. AM 10:02 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 309042 [XU-YIJIE grpo-flat 까지 9024b43f091e2eb9bac65802b120c0b35f9ba856 grpo_vanilla.py main 권한 상승] |
|---|
| 포인트들 | 20 |
|---|