A recent discovery revealed a major vulnerability in a Python package widely used by AI developers, allowing for arbitrary code execution and putting systems at risk. Identified by Patrick Peng and tracked as CVE-2024-34359, the issue, named Llama Drama, stems from the Jinja2 template engine and the llama_cpp_python package’s improper handling of model metadata.
This flaw, highlighted by Checkmarx, could enable template injection attacks due to a lack of security measures like sandboxing. Over 6,000 AI models on Hugging Face are affected. A patch, version 0.2.72 of llama_cpp_python, has been released to address this vulnerability.
Read more – Critical Flaw in AI Python Package Can Lead to System and Data Compromise
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
