llamafactory@0.8.0 vulnerabilities

Unified Efficient Fine-Tuning of 100+ LLMs

  • latest version

    0.9.2

  • latest non vulnerable version

  • first published

    11 months ago

  • latest version published

    1 month ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the llamafactory package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H (High severity): Command Injection

    llamafactory is an Easy-to-use LLM fine-tuning framework

    Affected versions of this package are vulnerable to Command Injection due to insecure usage of the Popen function with shell=True, coupled with unsanitized user input. An attacker can execute arbitrary commands on the operating system, possibly compromising sensitive data or escalating privileges.

    How to fix Command Injection?

    Upgrade llamafactory to version 0.9.1 or higher.

    Vulnerable version range: [,0.9.1)