| 제목 | FunAudioLLM InspireMusic 0.0 Deserialization |
|---|
| 설명 | InspireMusic is a unified framework for music, song, and audio generation by LLM. It uses the torch.load function to load data without specifying the weights_only=True parameter. This function is used to deserialize data, and when it loads untrusted data, it may lead to the execution of arbitrary code during the deserialization process. Since the source of the data loaded by torch.load is not verified, there is a risk that malicious model can be used to exploit this vulnerability.
More details: https://github.com/FunAudioLLM/InspireMusic/issues/53 |
|---|
| 원천 | ⚠️ https://github.com/FunAudioLLM/InspireMusic/issues/53 |
|---|
| 사용자 | ybdesire (UID 83239) |
|---|
| 제출 | 2025. 05. 08. PM 04:07 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 05. 24. PM 06:25 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 310236 [FunAudioLLM InspireMusic 까지 bf32364bcb0d136497ca69f9db622e9216b029dd Pickle Data model.py load_state_dict 권한 상승] |
|---|
| 포인트들 | 20 |
|---|