# rce
4 articles tagged with "rce"

## Case Study: LangChain Remote Code Execution Vulnerabilities (CVE-2023-29374 and CVE-2023-36258)

Technical analysis of critical remote code execution vulnerabilities in LangChain's LLMMathChain and PALChain components that allowed arbitrary Python execution through crafted LLM outputs.

Tags: case-studies, langchain, rce, cve, supply-chain, code-execution

## AI Supply Chain Exploitation

Methodology for exploiting the AI/ML supply chain: model serialization RCE, dependency confusion, dataset poisoning, CI/CD injection, and container escape.

Tags: supply-chain, pickle, serialization, rce, dependency-confusion, cicd, container-escape, huggingface

## Pickle Deserialization Exploits

Technical methodology for crafting pickle payloads, bypassing safetensors and model signing, and exploiting ML model deserialization across frameworks.

Tags: pickle, deserialization, rce, safetensors, model-signing, pytorch, serialization

## Model Serialization RCE

Remote code execution through malicious model files using pickle deserialization, safetensors manipulation, and other model serialization format vulnerabilities.

Tags: infrastructure, rce, serialization, pickle, supply-chain, security