instructlab@0.23.1

Core package for interacting with InstructLab

  • latest version

    0.26.1

  • first published

    1 year ago

  • latest version published

    0 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the instructlab package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Inclusion of Functionality from Untrusted Control Sphere

    instructlab is a Core package for interacting with InstructLab

    Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere via the default trust_remote_code=True setting used when loading models from Hugging Face in the linux_train.py file. An attacker can execute arbitrary Python code by convincing a user to run the training, downloading, or generating commands with a malicious model from a remote source.

    How to fix Inclusion of Functionality from Untrusted Control Sphere?

    There is no fixed version for instructlab.

    [0,)
    • H
    Directory Traversal

    Affected versions of this package are vulnerable to Directory Traversal via the chat session handler. An attacker can create new directories and write files to arbitrary locations on the system by manipulating the logs_dir parameter, potentially leading to unauthorized data modification or disclosure.

    How to fix Directory Traversal?

    There is no fixed version for instructlab.

    [0,)