CVE-2024-34359
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The __init__ constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and hardware settings, __init__ also loads the chat template from targeted .gguf 's Metadata and furtherly parses it to llama_chat_format.Jinja2ChatFormatter.to_chat_handler() to construct the self.chat_handler for this model. Nevertheless, Jinja2ChatFormatter parse the chat template within the Metadate with sandbox-less jinja2.Environment, which is furthermore rendered in __call__ to construct the prompt of interaction. This allows jinja2 Server Side Template Injection which leads to remote code execution by a carefully constructed payload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| abetlen | llama-cpp-python | >= 0.2.30, <= 0.2.71 | affected |
Weaknesses
- CWE-76: CWE-76: Improper Neutralization of Equivalent Special Elements
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829
- https://github.com/abetlen/llama-cpp-python/commit/b454f40a9a1787b2b5659cd2cb00819d983185df
References
- https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829
- https://github.com/abetlen/llama-cpp-python/commit/b454f40a9a1787b2b5659cd2cb00819d983185df
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.