CVE-2024-23730

Name of the Vulnerable Software and Affected Versions LlamaHub (aka llama-hub) versions prior to 0.0.67

Description The OpenAPI and ChatGPT plugin loaders in LlamaHub allow attackers to execute arbitrary code because safe load is not used for YAML. This issue enables attackers to execute arbitrary code.

Recommendations For versions prior to 0.0.67, update to version 0.0.67 or later to resolve the issue. As a temporary workaround, consider disabling the OpenAPI and ChatGPT plugin loaders until a patch is available. Restrict access to the YAML loading functionality to minimize the risk of exploitation.