MEDIUM 5.3

GHSA-jfvg-qm4p-473x

InternLM LMDeploy code injection vulnerability

상세

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / lmdeploy

최초 영향 버전: 0

No fixed version published yet for lmdeploy (pip). Pin to a known-safe version or switch to an alternative.

참고

https://nvd.nist.gov/vuln/detail/CVE-2025-3163 [ADVISORY]
https://github.com/InternLM/lmdeploy/issues/3254 [WEB]
https://github.com/InternLM/lmdeploy/issues/3254#issue-2918865448 [WEB]
https://github.com/InternLM/lmdeploy [PACKAGE]
https://vuldb.com/?ctiid.303109 [WEB]
https://vuldb.com/?id.303109 [WEB]
https://vuldb.com/?submit.542527 [WEB]