提交 #652936: LazyAGI LazyLLM latest Remote Code Execution信息

标题LazyAGI LazyLLM latest Remote Code Execution
描述### Summary Remote Code Execution Through Insecure Deserialization. ### Details The routing processing function `lazyllm_call` has a deserialization vulnerability in the file [lazyllm/components/deploy/relay/server.py](https://github.com/LazyAGI/LazyLLM/blob/main/lazyllm/components/deploy/relay/server.py#L60-L70). The specific location calls `load_obj->cloudpickle.loads`, which leads to RCE.
来源⚠️ https://github.com/LazyAGI/LazyLLM/issues/764
用户
 0x1f (UID 89432)
提交2025-09-11 19時53分 (8 月前)
管理2025-09-25 12時11分 (14 days later)
状态已接受
VulDB条目325833 [LazyAGI LazyLLM 直到 0.6.1 server.py lazyllm_call 权限提升]
积分20

上一步一览下一步

Interested in the pricing of exploits?

See the underground prices here!