CVE-2024-34359

Name of the Vulnerable Software and Affected Versions llama-cpp-python (affected versions not specified)

Description The issue is related to a Server Side Template Injection vulnerability in the llama-cpp-python package, which allows for remote code execution. This is due to the use of jinja2.Environment without proper sandboxing, enabling an attacker to inject malicious code. The vulnerability is exploited by modifying the chat template in the model's metadata, which is then rendered by the Jinja2ChatFormatter class. This allows an attacker to execute arbitrary code, potentially leading to system compromises. The estimated number of potentially affected devices is not specified, but it is mentioned that over 6,000 AI models on Hugging Face are vulnerable.

Recommendations To resolve the issue, update llama-cpp-python to version 0.2.72 or later, which includes a fix for the vulnerability. As a temporary workaround, consider disabling the use of jinja2 templates or restricting access to the Jinja2ChatFormatter class until a patch is available. Avoid using the chat template parameter in the affected API endpoint until the issue is resolved.