Server-Side Template Injection in llama-cpp-python (CVE-2024-34359) #74
Description
I plan to write a case study on CVE-2024-34359, a critical (CVSS 9.7) Server-Side Template Injection vulnerability in llama-cpp-python that leads to Remote Code Execution via unsandboxed Jinja2 template rendering of malicious .gguf model metadata. CVE: CVE-2024-34359. CWE: CWE-1336. Software: llama-cpp-python (Python). Author: Pranav Goriparthi. Please let us know if there are any objections before we proceed.