Protosec [[Prototype]]

Cutting-Edge Security AI.

Protosec [[Prototype]] is a threat-targeting research lab focusing on the world's most cutting-edge fields.

AI/ML: Artificial Intelligence / Machine Learning / Security

AutoPwn: Natural-Language-Processing and Machine-Learning based Exploitation Automation

Threat Identification

Protosec has made a significant impact by identifying real-life threats.

llama-cpp-python Remote Code Execution via Server-Side Template Injection in Model Metadata

Remote code execution in llama-cpp-python caused by server-side template injection: a template stored in GGUF model metadata is rendered by an unprotected (unsandboxed) renderer, so a maliciously crafted model file can run arbitrary code on the host that loads it.
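Added illustration of the pattern behind this finding, written for this page and not taken from llama-cpp-python: a template string that arrives inside untrusted model metadata is rendered once with a plain Jinja2 Environment and once with Jinja2's ImmutableSandboxedEnvironment. The metadata stand-in, the template strings and the function names are constructed for the example; the page does not name the template engine, so Jinja2 is an assumption. Requires the jinja2 package.

```python
"""Template injection through model metadata: vulnerable vs. sandboxed rendering.

Added example, not llama-cpp-python's code. It assumes the metadata value is a
Jinja2 template string (the page does not name the engine) and replaces the
model-file parsing with constructed template strings.
"""
import os

from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed stand-in for a template value read from a model file.
# It escapes the template language by walking from a harmless default global
# (`cycler`) to its module globals and from there to the os module. The payload
# only calls os.getpid() so the demonstration is visibly harmless.
MALICIOUS_TEMPLATE = "{{ cycler.__init__.__globals__['os'].getpid() }}"

# Constructed honest template: it only formats the conversation.
BENIGN_TEMPLATE = (
    "{% for m in messages %}<|{{ m['role'] }}|>{{ m['content'] }}{% endfor %}"
)


def render_unsandboxed(template_src: str, messages: list) -> str:
    """Vulnerable pattern: a plain Environment trusts whoever wrote the template."""
    return Environment().from_string(template_src).render(messages=messages)


def render_sandboxed(template_src: str, messages: list) -> str:
    """Hardened pattern: the immutable sandbox refuses access to Python internals
    (underscore-prefixed attributes, mutating calls) and raises SecurityError
    instead of rendering."""
    env = ImmutableSandboxedEnvironment()
    return env.from_string(template_src).render(messages=messages)


def demo() -> dict:
    """Run both renderers over both templates and report what happened."""
    messages = [{"role": "user", "content": "hi"}]
    unsafe_output = render_unsandboxed(MALICIOUS_TEMPLATE, messages)
    try:
        render_sandboxed(MALICIOUS_TEMPLATE, messages)
        sandbox_verdict = "rendered"
    except SecurityError:
        sandbox_verdict = "blocked"
    return {
        # The unsandboxed renderer executed os.getpid() on the template's behalf.
        "unsandboxed_ran_code": unsafe_output.strip() == str(os.getpid()),
        "sandboxed_verdict": sandbox_verdict,
        # The sandbox still renders an honest template correctly.
        "sandboxed_benign": render_sandboxed(BENIGN_TEMPLATE, messages),
    }


if __name__ == "__main__":
    print(demo())
```

The sandbox is the fix the renderer needs: it refuses underscore-prefixed attributes and mutating calls, which is exactly the path the hostile template takes. Scanning the template text for strings such as `__class__` is not a substitute, because Jinja2 exposes several routes to the same objects.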

Transformers Model Deserialization Remote Code Execution

Unsafe deserialization in the load_repo_checkpoint() function of the TFPreTrainedModel class in Transformers. An attacker who can supply a carefully crafted serialized payload, for example through a tampered checkpoint, can execute arbitrary code and commands when the checkpoint is loaded.
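Added example of why a crafted serialized payload turns a checkpoint loader into code execution, written for this page rather than taken from Transformers. It assumes the format is Python pickle (the page only says "serialized") and stands the checkpoint file in with a byte string built inline; the class and function names are constructed.

```python
"""Unsafe deserialization of a model checkpoint: pickle runs attacker code.

Added example, not Transformers' code. It assumes the serialized format is
Python pickle (the page only says "serialized payload") and stands the
checkpoint file in with an in-memory byte string.
"""
import builtins
import io
import pickle

# Records every time the planted callable runs, so the effect is observable
# without doing anything destructive.
EXECUTED = []


def planted_command(marker: str) -> str:
    """Stand-in for an attacker's payload; a real one would call os.system()."""
    EXECUTED.append(marker)
    return marker


class MaliciousCheckpoint:
    """Pickling this object emits a stream that tells the loader to call
    planted_command("pwned") instead of rebuilding any model state."""

    def __reduce__(self):
        return (planted_command, ("pwned",))


def build_malicious_checkpoint() -> bytes:
    """Constructed attacker-controlled checkpoint bytes."""
    return pickle.dumps(MaliciousCheckpoint())


def build_benign_checkpoint() -> bytes:
    """Constructed honest checkpoint: plain weights in plain containers."""
    return pickle.dumps({"dense.weight": [0.1, 0.2], "dense.bias": [0.0]})


def unsafe_load(data: bytes):
    """Vulnerable pattern: pickle.loads() executes whatever the stream asks for."""
    return pickle.loads(data)


# Only these builtins may be resolved by the stream; everything else is refused.
ALLOWED_GLOBALS = {
    "builtins": {"dict", "list", "tuple", "set", "frozenset",
                 "str", "bytes", "int", "float", "bool"},
}


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened pattern: find_class() is the only hook through which a pickle
    stream can reach code, so deny every global not on the allow list."""

    def find_class(self, module: str, name: str):
        if name in ALLOWED_GLOBALS.get(module, ()):
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def restricted_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    malicious, benign = build_malicious_checkpoint(), build_benign_checkpoint()
    before = len(EXECUTED)
    unsafe_result = unsafe_load(malicious)  # planted_command runs here
    try:
        restricted_load(malicious)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return {
        "unsafe_ran_payload": len(EXECUTED) == before + 1,
        "unsafe_result": unsafe_result,
        "restricted_blocked": blocked,
        "restricted_benign": restricted_load(benign),
    }


if __name__ == "__main__":
    print(demo())
```

A loader that has to accept a full framework checkpoint needs a far larger allow list than this one, and a checkpoint format that cannot carry code at all (safetensors) avoids the problem instead of policing it.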

Using eval() to Parse the AWS SageMaker LLM Response Leads to Python Command Injection in imartinez/privategpt

In the complete() method of the SagemakerLLM class in sagemaker.py, PrivateGPT used eval() instead of json.loads() to turn the string retrieved from the remote endpoint into a dictionary. Because eval() executes its input as Python, a Python or OS command injection payload placed in the SageMaker response is executed when the response is parsed.
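Added example of the eval()-versus-json.loads() difference described above, written for this page and not taken from PrivateGPT: both response bodies are constructed, and the {"generated_text": ...} shape is an assumption about what the endpoint returns.

```python
"""Parsing a remote LLM response with eval() vs. json.loads().

Added example, not PrivateGPT's code. The response bodies are constructed
here; the {"generated_text": ...} shape is an assumption about the endpoint.
"""
import json
import os

# Constructed honest response: valid JSON and, by coincidence, a valid
# Python dict literal, which is why eval() appears to work during testing.
BENIGN_BODY = '{"generated_text": "hello"}'

# Constructed hostile response from a compromised or spoofed endpoint.
# Under eval() the value is arbitrary Python; os.getpid() stands in for
# os.system(...). Under json.loads() it is simply not JSON.
HOSTILE_BODY = '{"generated_text": __import__("os").getpid()}'


def parse_with_eval(body: str) -> dict:
    """Vulnerable pattern: the network response is executed as Python source."""
    return eval(body)  # noqa: S307


def parse_with_json(body: str) -> dict:
    """Hardened pattern: json.loads() produces data only, never executes code,
    and the result is checked against the shape the caller expects."""
    data = json.loads(body)
    if not isinstance(data, dict) or not isinstance(data.get("generated_text"), str):
        raise ValueError("unexpected response shape")
    return data


def demo() -> dict:
    evaluated = parse_with_eval(HOSTILE_BODY)
    try:
        parse_with_json(HOSTILE_BODY)
        json_verdict = "parsed"
    except ValueError as exc:  # json.JSONDecodeError is a ValueError
        json_verdict = f"rejected: {type(exc).__name__}"
    return {
        # eval() ran the attacker's expression: the field now holds this PID.
        "eval_executed_code": evaluated["generated_text"] == os.getpid(),
        "json_verdict": json_verdict,
        "benign_eval": parse_with_eval(BENIGN_BODY),
        "benign_json": parse_with_json(BENIGN_BODY),
    }


if __name__ == "__main__":
    print(demo())
```

json.loads() can only yield data, and the shape check after it keeps a surprising but valid JSON document from propagating. That eval() accepted the response at all was accidental: JSON's true, false and null are not Python names, so any response carrying them would already have failed under eval().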