LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafy_baichuan2.py
script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load()
on user-supplied .bin
files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin
file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0.