CVE-2024-34359
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-34359
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34359.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-34359
- Aliases
- Published
- 2024-05-10T17:07:18.850Z
- Modified
- 2025-11-20T12:26:36.334129Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
- Details
-
llama-cpp-python is the Python bindings for llama.cpp.
llama-cpp-pythondepends on classLlamainllama.pyto load.ggufllama.cpp or Latency Machine Learning Models. The__init__constructor built in theLlamatakes several parameters to configure the loading and running of the model. Other thanNUMA, LoRa settings,loading tokenizers,andhardware settings,__init__also loads thechat templatefrom targeted.gguf's Metadata and furtherly parses it tollama_chat_format.Jinja2ChatFormatter.to_chat_handler()to construct theself.chat_handlerfor this model. Nevertheless,Jinja2ChatFormatterparse thechat templatewithin the Metadate with sandbox-lessjinja2.Environment, which is furthermore rendered in__call__to construct thepromptof interaction. This allowsjinja2Server Side Template Injection which leads to remote code execution by a carefully constructed payload. - Database specific
{ "cwe_ids": [ "CWE-76" ] }- References