Submeter #542529: thu-pacman chitu <0.1.0 Deserializationinformação

Títulothu-pacman chitu <0.1.0 Deserialization
Descriçãochitu is a high-performance inference framework for large language models (LLM). A vulnerability has been identified within its codebase regarding the use of the torch.load function. In the model loading process of Chitu, the torch.load function is repeatedly utilized to load checkpoint files without specifying the weights_only=True parameter. This oversight allows the function to deserialize the entire content of the checkpoint file, including any malicious Python objects and code that might be embedded. More details: https://github.com/thu-pacman/chitu/issues/32
Fonte⚠️ https://github.com/thu-pacman/chitu/issues/32
Utilizador
 ybdesire (UID 83239)
Submissão25/03/2025 10h47 (há 1 Ano)
Moderação03/04/2025 09h17 (9 days later)
EstadoAceite
Entrada VulDB303111 [thu-pacman chitu 0.1.0 chitu/chitu/backend.py torch.load ckpt_path/quant_ckpt_dir Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!