Cutting-Edge Security AI.
Protosec [[Prototype]] is a threat-targeting research lab focusing on the world's most cutting-edge fields.
AI/ML: Artificial Intelligence / Machine Learning / Security
AutoPwn: Natural-Language-Processing / Machine-Learning-based / Exploitation Automation
Threat Identification
Protosec has made a significant impact on the world by identifying real-life threats.
Llama-Cpp-Python Remote Code Execution by Server-Side Template Injection in Model Metadata
Remote code execution due to server-side template injection through unprotected template rendering of GGUF model metadata in llama-cpp-python.
Transformers Model-Deserialization Remote-Code Execution
The vulnerability lies in the load_repo_checkpoint() function of the TFPreTrainedModel class: it enables attackers to execute arbitrary code and commands by supplying a carefully crafted serialized payload.
Using eval() to load an external AWS SageMaker LLM request, leading to Python command injection in imartinez/privategpt
In the complete() method of the SagemakerLLM class in sagemaker.py, PrivateGPT used eval() instead of json.loads() to turn the remotely retrieved string into a dictionary, so a Python OS-command-injection payload can be parsed from the response returned by AWS SageMaker.
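The eval()-versus-json.loads() difference described above, as an added example that is not PrivateGPT's own code: parse_body_unsafe mirrors the vulnerable pattern, parse_body_safe is the hardened form, and complete() is a hypothetical stand-in for SagemakerLLM.complete(). The response bodies are constructed samples, not real SageMaker output.

```python
import json
from typing import Any

# Constructed sample bodies standing in for the bytes a SageMaker
# endpoint call would return; not real PrivateGPT or SageMaker data.
GOOD_BODY = b'{"generated_text": "Hello from the model"}'
NON_JSON_BODY = b'2 * 21'  # a Python expression, not JSON


def parse_body_unsafe(body: bytes) -> Any:
    """Mirrors the vulnerable pattern: eval() on remote-controlled text.
    Any Python expression in the body is executed, not merely parsed."""
    return eval(body.decode("utf-8"))


def parse_body_safe(body: bytes, expected_key: str = "generated_text") -> dict:
    """Hardened parser: json.loads() only builds data and never runs code.
    The shape check rejects valid-but-unexpected JSON before it is used."""
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"endpoint returned a non-JSON body: {exc}") from None
    if not isinstance(data, dict):
        raise ValueError(f"expected a JSON object, got {type(data).__name__}")
    if not isinstance(data.get(expected_key), str):
        raise ValueError(f"missing or non-string field {expected_key!r}")
    return data


def rejected_by_safe_parser(body: bytes) -> bool:
    """True when the hardened parser refuses the body instead of using it."""
    try:
        parse_body_safe(body)
    except ValueError:
        return True
    return False


def complete(body: bytes) -> str:
    """Hypothetical stand-in for SagemakerLLM.complete(): returns the model
    text from a parsed response body (example code, not PrivateGPT's)."""
    return parse_body_safe(body)["generated_text"]
```

The unsafe parser computes the arithmetic in NON_JSON_BODY, which is the same execution path a hostile response would use; the hardened parser raises ValueError instead.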