| 제목 | LazyAGI LazyLLM latest Remote Code Execution |
|---|
| 설명 | ### Summary
Remote Code Execution Through Insecure Deserialization.
### Details
The routing processing function `lazyllm_call` has a deserialization vulnerability in the file [lazyllm/components/deploy/relay/server.py](https://github.com/LazyAGI/LazyLLM/blob/main/lazyllm/components/deploy/relay/server.py#L60-L70).
The specific location calls `load_obj->cloudpickle.loads`, which leads to RCE. |
|---|
| 원천 | ⚠️ https://github.com/LazyAGI/LazyLLM/issues/764 |
|---|
| 사용자 | 0x1f (UID 89432) |
|---|
| 제출 | 2025. 09. 11. PM 07:53 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 25. PM 12:11 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 325833 [LazyAGI LazyLLM 까지 0.6.1 server.py lazyllm_call 권한 상승] |
|---|
| 포인트들 | 20 |
|---|