# rce

標記為「rce」的 8 篇文章

Case Study: LangChain Remote Code Execution Vulnerabilities (CVE-2023-29374 and CVE-2023-36258)

Technical analysis of critical remote code execution vulnerabilities in LangChain's LLMMathChain and PALChain components that allowed arbitrary Python execution through crafted LLM outputs.

case-studieslangchainrcecvesupply-chaincode-execution

進階

AI Supply Chain Exploitation

Methodology for exploiting the AI/ML supply chain: model serialization RCE, dependency confusion, dataset poisoning, CI/CD injection, and container escape.

supply-chainpickleserializationrcedependency-confusioncicdcontainer-escapehuggingface

專家

Pickle Deserialization Exploits

Technical methodology for crafting pickle payloads, bypassing safetensors and model signing, and exploiting ML model deserialization across frameworks.

pickledeserializationrcesafetensorsmodel-signingpytorchserialization

專家

Model Serialization RCE

Remote code execution through malicious model files using pickle deserialization, safetensors manipulation, and other model serialization format vulnerabilities.

infrastructurerceserializationpicklesupply-chainsecurity

專家

Case Study: LangChain Remote Code Execution Vulnerabilities (CVE-2023-29374 and CVE-2023-36258)

Technical analysis of critical remote code execution vulnerabilities in LangChain's LLMMathChain and PALChain components that allowed arbitrary Python execution through crafted LLM outputs.

case-studieslangchainrcecvesupply-chaincode-execution

進階

AI 供應鏈利用

為利用 AI/ML 供應鏈之方法論：模型序列化 RCE、依賴混淆、資料集投毒、CI/CD 注入與容器逃逸。

supply-chainpickleserializationrcedependency-confusioncicdcontainer-escapehuggingface

專家

Pickle Deserialization 利用s

Technical methodology for crafting pickle payloads, bypassing safetensors and model signing, and exploiting ML model deserialization across frameworks.

pickledeserializationrcesafetensorsmodel-signingpytorchserialization

專家

模型 Serialization RCE

Remote code execution through malicious model files using pickle deserialization, safetensors manipulation, and other model serialization format vulnerabilities.

infrastructurerceserializationpicklesupply-chainsecurity

專家