| Название | XU-YIJIE grpo-flat 0.0 Deserialization |
|---|
| Описание | A high - risk vulnerability exists in the `grpo-flat` project when using `torch.load` for training state restoration. In the `grpo_vanilla.py` file (lines L212C1 - L222C1), the code attempts to resume training from a "training_state.pt" file in the `model_name_or_path` directory using `torch.load` without setting `weights_only=True`. When loading untrusted data (e.g., from an external source or an untrusted location), if the file contains malicious pickle data, it can trigger the deserialization of untrusted data. As Python's pickle format can embed arbitrary code execution during deserialization, an attacker can create a malicious "training_state.pt" file. Once the `torch.load` function is called, the attacker's code will execute, potentially leading to unauthorized access to system resources, data theft, or system compromise. All versions of the affected code are impacted.
More details: https://github.com/XU-YIJIE/grpo-flat/issues/3 |
|---|
| Источник | ⚠️ https://github.com/XU-YIJIE/grpo-flat/issues/3 |
|---|
| Пользователь | ybdesire (UID 83239) |
|---|
| Представление | 04.05.2025 13:51 (12 месяцы назад) |
|---|
| Модерация | 15.05.2025 10:02 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 309042 [XU-YIJIE grpo-flat до 9024b43f091e2eb9bac65802b120c0b35f9ba856 grpo_vanilla.py main эскалация привилегий] |
|---|
| Баллы | 20 |
|---|