CVE-2024-52803
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-52803 is a critical remote OS command injection vulnerability affecting LLama Factory, a tool used for fine-tuning large language models. The issue arises from the insecure usage of Python's `Popen` function with `shell=True` during the training process. Malicious actors can exploit this vulnerability by providing unsanitized user input, allowing them to execute arbitrary OS commands on the host system. This vulnerability poses a significant risk and requires immediate remediation. Users are advised to upgrade to version 0.9.1, which addresses this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.