Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

2024-05-21 10:22

A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system,

News URL

https://thehackernews.com/2024/05/researchers-uncover-flaws-in-python.html

#AI #firefox #PDF #python #researcher #CVE-2024-34359

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-05-14	CVE-2024-34359	llama-cpp-python is the Python bindings for llama.cpp.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Python		24	2	52	75	31	160