Critical vulnerability reported in llama-cpp-python can lead to remote code execution
Take action: If you use the llama-cpp-python package and expose a chat interface to users for your model, update it as soon as possible. Otherwise attackers will eventually find your chat interface and exploit it.
Learn More
A critical vulnerability in the llama-cpp-python package, a popular Python package for large-language models (LLMs), has been reported, potentially affecting over 6,000 models and posing a significant risk for supply chain attacks.
The flaw, tracked as CVE-2024-34359 (CVSS score 9.7), is a server-side template injection that can lead to remote code execution (RCE), caused by unsafe use of the Jinja2 template engine. The llama-cpp-python package, which provides Python bindings for the llama.cpp library used to run LLMs such as Meta's LLaMA, was found to render chat templates stored in model metadata without sanitization or sandboxing. This allows an attacker who controls a model file to inject a malicious template.
Security researcher Patrick Peng demonstrated a proof-of-concept exploit on Hugging Face, showing how compromised models could execute arbitrary code upon loading or initiating a chat session.
A fix for CVE-2024-34359 was released in version 0.2.72 of llama-cpp-python, which adds input validation and sandboxing during template rendering. Users of the affected package are strongly advised to update to the latest version to mitigate this critical risk.
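The following is an added example, not code from llama-cpp-python, illustrating the two rendering patterns described above: an unsandboxed Jinja2 `Environment` applied to template text taken from model metadata, beside the `ImmutableSandboxedEnvironment` that refuses access to Python internals. The template strings and messages are constructed for this example; `template_is_safe` is a hypothetical helper name.

```python
"""Added example (not llama-cpp-python's own code): unsandboxed vs sandboxed
rendering of a chat template that arrives as untrusted text in model metadata."""
from jinja2 import Environment
from jinja2.sandbox import ImmutableSandboxedEnvironment, SecurityError

# Constructed chat template in the style stored under a model's chat_template key.
BENIGN_TEMPLATE = (
    "{% for m in messages %}<|{{ m['role'] }}|>{{ m['content'] }}\n{% endfor %}"
    "<|assistant|>"
)

# Constructed template that reaches for Python internals through a dunder
# attribute. A sandbox must refuse this kind of access; an unsandboxed
# environment happily exposes the interpreter's object model.
PROBING_TEMPLATE = "{{ messages.__class__.__name__ }}"

# Constructed sample conversation used as template input.
MESSAGES = [{"role": "user", "content": "hello"}]


def render_unsandboxed(template: str, messages) -> str:
    """Vulnerable pattern: untrusted template text rendered with full Jinja2 power."""
    return Environment().from_string(template).render(messages=messages)


def render_sandboxed(template: str, messages) -> str:
    """Hardened pattern: the sandbox blocks unsafe attribute access and raises
    jinja2.sandbox.SecurityError instead of resolving it."""
    env = ImmutableSandboxedEnvironment()
    return env.from_string(template).render(messages=messages)


def template_is_safe(template: str) -> bool:
    """Pre-load check (hypothetical helper): True if the template renders under
    the sandbox with sample messages, False if the sandbox refuses it. This does
    not prove a template harmless; it only reports whether the sandbox blocks it."""
    try:
        render_sandboxed(template, MESSAGES)
        return True
    except SecurityError:
        return False


if __name__ == "__main__":
    print(render_sandboxed(BENIGN_TEMPLATE, MESSAGES))   # normal chat prompt
    print(render_unsandboxed(PROBING_TEMPLATE, MESSAGES))  # leaks the type name
    print(template_is_safe(PROBING_TEMPLATE))              # False: sandbox refuses it
```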