Security researchers discovered vulnerabilities in popular Python AI/ML libraries (NeMo, Uni2TS, FlexTok) from Nvidia, Salesforce, and Apple that allow remote code execution through poisoned metadata. The flaws stem from unsafe use of Hydra's instantiate() function, which can execute arbitrary code when loading model
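The mechanism behind the flaw is that Hydra's instantiate() resolves the `_target_` key of a config node to a dotted Python path, imports it and calls it with the remaining keys as arguments, so whoever controls the config controls which callable runs. The following is an added example, not code from The Register's article nor from NeMo, Uni2TS, FlexTok or Hydra itself: it mirrors the `_target_`/`_args_` convention in plain Python rather than importing hydra-core so it runs offline, contrasts the unsafe pattern with a loader that allowlists fully qualified target names before anything is constructed, and uses constructed sample configs; the allowlist contents are an assumption chosen for the illustration.

```python
import importlib

# Constructed sample configs standing in for model metadata (the kind of YAML
# shipped next to checkpoint weights). The poisoned one nests a node whose
# _target_ points at os.system instead of a model component. Illustrative only.
BENIGN_CONFIG = {
    "model": {"_target_": "collections.OrderedDict", "layers": 12, "hidden": 768},
}
POISONED_CONFIG = {
    "model": {
        "_target_": "collections.OrderedDict",
        "layers": 12,
        # Nested nodes are instantiated recursively, so the payload can hide deep.
        "tokenizer": {"_target_": "os.system", "_args_": ["id"]},
    },
}

# Assumed allowlist: the fully qualified names this loader is willing to build.
ALLOWED_TARGETS = frozenset({
    "collections.OrderedDict",
    "collections.deque",
})


def resolve_target(dotted: str):
    """Import 'pkg.mod.attr' and return attr, the way a _target_ string is resolved."""
    module_name, _, attr = dotted.rpartition(".")
    if not module_name:
        raise ValueError(f"_target_ must be fully qualified: {dotted!r}")
    return getattr(importlib.import_module(module_name), attr)


def naive_instantiate(node):
    """Unsafe pattern: call whatever _target_ the config names, recursing into
    nested nodes first. Any importable callable, os.system included, is reachable."""
    if isinstance(node, dict):
        node = {k: naive_instantiate(v) for k, v in node.items()}
        if "_target_" in node:
            target = resolve_target(node.pop("_target_"))
            args = node.pop("_args_", [])
            return target(*args, **node)
        return node
    if isinstance(node, list):
        return [naive_instantiate(v) for v in node]
    return node


def audit_targets(node, path="", allowed=ALLOWED_TARGETS):
    """Walk the config before anything is built and return every
    (path, target) pair whose target is not on the allowlist."""
    bad = []
    if isinstance(node, dict):
        target = node.get("_target_")
        if target is not None and target not in allowed:
            bad.append((path or "<root>", target))
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            bad.extend(audit_targets(value, child, allowed))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            bad.extend(audit_targets(value, f"{path}[{i}]", allowed))
    return bad


def safe_instantiate(cfg, allowed=ALLOWED_TARGETS):
    """Hardened loader: reject the whole config if any _target_ is off-list,
    then instantiate. Auditing up front avoids partially built side effects."""
    bad = audit_targets(cfg, allowed=allowed)
    if bad:
        raise ValueError(f"refusing to instantiate untrusted targets: {bad}")
    return naive_instantiate(cfg)


if __name__ == "__main__":
    print("benign:", safe_instantiate(BENIGN_CONFIG))
    print("poisoned audit:", audit_targets(POISONED_CONFIG))
```

The audit runs over the parsed config before the first object is created, which is the check a practitioner wants: an allowlist of names, not a denylist of known-bad ones, and a walk of every nested node because recursive instantiation means the dangerous `_target_` need not sit at the top level. The same walk works as a pre-flight scan over downloaded checkpoint metadata even when the real Hydra instantiate() is what eventually builds the model.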
6 min read. From go.theregister.com