LLaMA-Factory Insecure Deserialization Vulnerability in llamafy_baichuan2.py Allowing Arbitrary Code Execution
Vulnerability
A critical vulnerability in LLaMA-Factory versions prior to 1.0.0 has been identified in the 'llamafy_baichuan2.py' script. It arises from insecure deserialization of user-supplied '.bin' files with 'torch.load()': a crafted '.bin' file can execute arbitrary commands during the deserialization process.
Impact
Exploitation of this vulnerability allows for arbitrary code execution, potentially leading to system compromise and unauthorized actions in shared computing environments.
Reproduction
The vulnerability can be reproduced by downloading or cloning a malicious project folder containing a crafted '.bin' file, and then running the 'llamafy_baichuan2.py' script with the 'input_dir' parameter set to the folder containing the malicious file. This will trigger the execution of the malicious payload during the deserialization process.
Remediation
Users are advised to update to LLaMA-Factory version 1.0.0 or later, and to avoid running the 'llamafy_baichuan2.py' script with untrusted '.bin' files.
