CVE-2024-4343 | imartinez privategpt up to 0.3.0 SageMaker LLM Endpoint sagemaker.py complete os command injection

Inserito da Angelo Barbosa | Nov 14, 2024 | CVE

A vulnerability classified as very critical was found in imartinez privategpt up to 0.3.0. Affected by this vulnerability is the function complete of the file /private_gpt/components/llm/custom/sagemaker.py of the component SageMaker LLM Endpoint. The manipulation leads to os command injection.

This vulnerability is known as CVE-2024-4343. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-4343 | imartinez privategpt up to 0.3.0 SageMaker LLM Endpoint sagemaker.py complete os command injection

Post correlati

CVE-2023-37233 | Loftware Spectrum up to 4.6 HF13 xml external entity reference

CVE-2024-2351 | CodeAstro Ecommerce Site 1.0 Search action.php cat_id/brand_id/keyword sql injection

CVE-2024-9713 | Trimble SketchUp Pro SKP File Parser use after free (ZDI-24-1474)

CVE-2023-32887 | MediaTek MT6990 Modem IMS Stack denial of service (MOLY01161837)