Llama-Cpp-Python Remote Code Execution by Server-Side Template Injection in Model Metadata
Remote code execution through server-side template injection: llama-cpp-python renders the chat template stored in GGUF model metadata with an unprotected (non-sandboxed) Jinja2 template renderer, so a crafted model file can run arbitrary code on the host that loads it.
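As an added illustration (example code written for this page, not code from llama-cpp-python or from the original report): the attacker's input here lives inside the model file, so the useful first step is to pull the chat template out of the GGUF metadata and look at it before anything renders it. The script below writes a minimal tensor-less GGUF file, parses the header and key/value section back (it assumes the GGUF v2/v3 layout: "GGUF" magic, uint32 version, uint64 tensor count, uint64 key/value count, then length-prefixed keys, a uint32 type code and the value), and flags template constructs that appear in the usual Jinja2 sandbox-escape payloads. The two templates, the SUSPICIOUS_MARKERS list and the file fixture are constructed for the example; tokenizer.chat_template is the key llama.cpp uses for the template. A marker match is a triage heuristic, not a substitute for rendering the template in a sandboxed Jinja2 environment.

```python
import struct

# GGUF metadata value-type codes from the GGUF v3 specification.
GGUF_UINT32 = 4
GGUF_STRING = 8
GGUF_ARRAY = 9
# Fixed-width scalar types: type code -> little-endian struct format.
SCALAR_FMT = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i",
              6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}

# Jinja2 constructs that a chat template never needs but that the common
# sandbox-escape payloads are built from (constructed heuristic list).
SUSPICIOUS_MARKERS = ("__class__", "__mro__", "__subclasses__", "__init__",
                      "__globals__", "__builtins__", "__import__",
                      "|attr", "attr(", "cycler", "joiner", "namespace", "lipsum")

# Constructed templates: a ChatML-style template and one that walks from the
# template object to os.popen() through Python's object graph.
BENIGN_TEMPLATE = ("{% for message in messages %}<|im_start|>{{ message['role'] }}\n"
                   "{{ message['content'] }}<|im_end|>\n{% endfor %}")
MALICIOUS_TEMPLATE = ("{{ self.__init__.__globals__.__builtins__"
                      ".__import__('os').popen('id').read() }}")


def _gguf_str(s: str) -> bytes:
    data = s.encode("utf-8")
    return struct.pack("<Q", len(data)) + data


def build_gguf(metadata: dict) -> bytes:
    """Write a tensor-less GGUF v3 file holding only the given metadata (test fixture).
    Values may be str (STRING), int (UINT32) or list of str (ARRAY of STRING)."""
    out = [b"GGUF", struct.pack("<I", 3), struct.pack("<Q", 0), struct.pack("<Q", len(metadata))]
    for key, value in metadata.items():
        out.append(_gguf_str(key))
        if isinstance(value, str):
            out.append(struct.pack("<I", GGUF_STRING) + _gguf_str(value))
        elif isinstance(value, list):
            out.append(struct.pack("<I", GGUF_ARRAY) + struct.pack("<IQ", GGUF_STRING, len(value)))
            out.extend(_gguf_str(item) for item in value)
        else:
            out.append(struct.pack("<I", GGUF_UINT32) + struct.pack("<I", value))
    return b"".join(out)


def parse_gguf_metadata(blob: bytes) -> dict:
    """Parse the header and metadata key/value section of a GGUF v2/v3 file.
    Tensor descriptors and tensor data are not read; the audit only needs metadata."""
    if blob[:4] != b"GGUF":
        raise ValueError("not a GGUF file")
    version, _n_tensors, n_kv = struct.unpack_from("<IQQ", blob, 4)
    if version < 2:
        raise ValueError(f"unsupported GGUF version {version}")
    pos = 4 + struct.calcsize("<IQQ")

    def read_str() -> str:
        nonlocal pos
        (length,) = struct.unpack_from("<Q", blob, pos)
        pos += 8
        value = blob[pos:pos + length].decode("utf-8")
        pos += length
        return value

    def read_value(vtype: int):
        nonlocal pos
        if vtype == GGUF_STRING:
            return read_str()
        if vtype == GGUF_ARRAY:  # element type, then element count, then the elements
            etype, count = struct.unpack_from("<IQ", blob, pos)
            pos += 12
            return [read_value(etype) for _ in range(count)]
        fmt = SCALAR_FMT[vtype]
        (value,) = struct.unpack_from(fmt, blob, pos)
        pos += struct.calcsize(fmt)
        return value

    metadata = {}
    for _ in range(n_kv):
        key = read_str()
        (vtype,) = struct.unpack_from("<I", blob, pos)
        pos += 4
        metadata[key] = read_value(vtype)
    return metadata


def audit_chat_template(metadata: dict) -> list:
    """Return the suspicious markers present in tokenizer.chat_template (empty if clean)."""
    template = metadata.get("tokenizer.chat_template", "")
    return [marker for marker in SUSPICIOUS_MARKERS if marker in template]


def main():
    for name, template in (("benign", BENIGN_TEMPLATE), ("malicious", MALICIOUS_TEMPLATE)):
        blob = build_gguf({"general.architecture": "llama",
                           "general.quantization_version": 2,
                           "tokenizer.ggml.tokens": ["<s>", "</s>"],
                           "tokenizer.chat_template": template})
        print(name, audit_chat_template(parse_gguf_metadata(blob)))


if __name__ == "__main__":
    main()
```

Running main() prints an empty list for the ChatML-style template and the four dunder names for the malicious one. The parser deliberately stops after the metadata section: nothing in the audit requires touching tensor data, which keeps the check cheap enough to run on every model file before it is handed to the loader.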
Transformers Model-Deserialization Remote-Code Execution
The load_repo_checkpoint() method of the TFPreTrainedModel class deserializes a checkpoint file fetched from the model repository with pickle. Because pickle calls the callables named in the stream while loading, an attacker who controls the repository contents can execute arbitrary code and commands by supplying a carefully crafted serialized payload.
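As an added example (written for this page, not the Transformers code or the reporter's payload), the block below shows the mechanism behind the report and the two checks a practitioner wants around it. MaliciousExtraData is a constructed stand-in for a tampered checkpoint pickle: its __reduce__ tells the unpickler to call exec() on load, which sets a flag so the effect is observable without running a shell (a real payload would name os.system or subprocess.Popen instead). unsafe_load() mirrors a bare pickle.load; RestrictedUnpickler enforces an allowlist of globals through find_class(); scan_pickle_globals() walks the opcode stream with pickletools to list every global the file would import without executing it. The ALLOWED_GLOBALS set and the benign checkpoint contents are assumptions chosen for the example.

```python
import builtins
import io
import pickle
import pickletools


class MaliciousExtraData:
    """Constructed stand-in for a tampered checkpoint pickle.
    The unpickler calls whatever __reduce__ names as soon as the object is loaded.
    exec() setting a flag replaces the os.system call a real payload would use."""

    def __reduce__(self):
        return (exec, ("import builtins; builtins.PWNED_BY_PICKLE = True",))


def build_malicious_checkpoint() -> bytes:
    return pickle.dumps(MaliciousExtraData())


def build_benign_checkpoint() -> bytes:
    # What legitimate extra data might hold: plain containers and numbers only.
    return pickle.dumps({"epoch": 3, "optimizer_state": [0.1, 0.2]})


def unsafe_load(data: bytes):
    """The pattern in the report: a bare pickle.load on repository-controlled bytes."""
    return pickle.loads(data)


# Enforcement: the only globals that may be resolved while unpickling (assumed set).
ALLOWED_GLOBALS = {("builtins", "dict"), ("builtins", "list"), ("builtins", "set"),
                   ("builtins", "tuple"), ("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return getattr(__import__(module), name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not on the allowlist")


def restricted_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def scan_pickle_globals(data: bytes) -> list:
    """Static scan: every (module, name) the stream would import, found without
    executing it. Tracks only string pushes and the memo, which is enough for
    CPython-produced streams; the allowlisting unpickler is the real control."""
    strings, memo, found = [], [], []
    prev_was_string = False
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
            prev_was_string = True
            continue
        if op.name == "MEMOIZE":            # slot may be re-pushed later by BINGET
            memo.append(strings[-1] if prev_was_string else None)
        elif op.name in ("BINGET", "LONG_BINGET"):
            strings.append(memo[arg] if arg < len(memo) else None)
        elif op.name == "STACK_GLOBAL":     # protocol 4+: module then qualname were pushed
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
        elif op.name == "GLOBAL":           # protocol <4: "module name" carried inline
            module, name = arg.split(" ", 1)
            found.append((module, name))
        prev_was_string = False
    return found


def demo_unsafe_load_executes() -> bool:
    """Loading the crafted blob with plain pickle runs the payload."""
    builtins.PWNED_BY_PICKLE = False
    unsafe_load(build_malicious_checkpoint())
    return builtins.PWNED_BY_PICKLE


def demo_restricted_load_blocks() -> bool:
    """The same blob is refused before exec() is ever resolved."""
    try:
        restricted_load(build_malicious_checkpoint())
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("globals in benign file:", scan_pickle_globals(build_benign_checkpoint()))
    print("globals in malicious file:", scan_pickle_globals(build_malicious_checkpoint()))
    print("restricted loader blocks payload:", demo_restricted_load_blocks())
    print("plain pickle.load runs payload:", demo_unsafe_load_executes())
```

The static scan is what you run on files you have not decided to trust yet; the allowlisting unpickler is what the loading code itself should use, since an allowlist of containers and numbers is all a checkpoint's extra data needs. Neither replaces moving such data to a format that cannot carry code at all, such as JSON or safetensors.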
Using eval() to load an external AWS SageMaker LLM response, leading to Python command injection in imartinez/privategpt
In sagemaker.py, the complete() method of the SagemakerLLM class turns the string retrieved from the remote endpoint into a dictionary with eval() instead of json.loads(). A SageMaker response that contains a Python expression, including one that runs OS commands, is therefore executed when PrivateGPT parses it.
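As an added example (written for this page, not PrivateGPT's code or the reporter's payload), the block below puts the eval() pattern from the report beside the json.loads() version and runs both over constructed response bodies. The bodies stand in for what response["Body"].read() returns from a boto3 invoke_endpoint() call; the assumed contract is a JSON object with a "generated_text" field. The malicious body is valid Python but invalid JSON: its left operand runs code (here it sets a flag; an attacker would call os.system), and the "or" makes the whole expression still evaluate to a plausible response dictionary, so the caller sees nothing wrong.

```python
import builtins
import json

# Constructed response bodies standing in for response["Body"].read() (bytes).
BENIGN_BODY = b'{"generated_text": "Paris is the capital of France."}'
# Valid Python, invalid JSON: executes, then evaluates to a normal-looking reply.
MALICIOUS_BODY = (b'__import__("builtins").__dict__.__setitem__("PWNED_BY_EVAL", True)'
                  b' or {"generated_text": "Paris is the capital of France."}')


def complete_unsafe(response_body: bytes) -> dict:
    """The pattern in the report: the endpoint's bytes are decoded and handed to eval()."""
    return eval(response_body.decode("utf-8"))


def complete_safe(response_body: bytes) -> dict:
    """Parse as data only, then validate the shape before anything downstream trusts it."""
    data = json.loads(response_body.decode("utf-8"))
    if not isinstance(data, dict) or not isinstance(data.get("generated_text"), str):
        raise ValueError("unexpected response shape from endpoint")
    return data


def demo_eval_executes() -> bool:
    """eval() runs the attacker's expression as a side effect of 'parsing' it."""
    builtins.PWNED_BY_EVAL = False
    complete_unsafe(MALICIOUS_BODY)
    return builtins.PWNED_BY_EVAL


def demo_json_rejects() -> bool:
    """json.loads() refuses the same body at the first non-JSON token."""
    try:
        complete_safe(MALICIOUS_BODY)
    except json.JSONDecodeError:
        return True
    return False


if __name__ == "__main__":
    print("eval returns:", complete_unsafe(MALICIOUS_BODY), "and ran code:", demo_eval_executes())
    print("json.loads rejects malicious body:", demo_json_rejects())
    print("json.loads on benign body:", complete_safe(BENIGN_BODY))
```

ast.literal_eval is sometimes suggested as the fix for this class of bug; it would also reject the expression above, but it parses Python literals rather than JSON (true, false and null are not literals), so for an HTTP API that speaks JSON, json.loads() followed by a shape check is the right replacement.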