A critical vulnerability has been discovered in a Python package widely used by AI application developers, posing a significant risk to systems and data. The flaw, identified by researcher Patrick Peng (aka retr0reg) and tracked as CVE-2024-34359, has been named “Llama Drama.” Cybersecurity firm Checkmarx detailed the vulnerability and its potential impact in a blog post.
The vulnerability involves the Jinja2 template rendering tool and the llama_cpp_python package, which integrates AI models with Python. Jinja2 is primarily used for generating HTML, while llama_cpp_python processes model metadata. The issue arises from the package’s failure to implement certain security safeguards, specifically template injection protection measures that Jinja2 supports but were not utilized.
Checkmarx explained that the core problem stems from processing template data without proper security measures like sandboxing. This oversight allows attackers to exploit the vulnerability for arbitrary code execution on systems using the affected package. More than 6,000 AI models on the Hugging Face AI community platform, which use llama_cpp_python and Jinja2, are impacted by this flaw.
To address the vulnerability, a patch has been released in version 0.2.72 of llama_cpp_python. The update mitigates the risk and secures the affected systems and models. Checkmarx emphasized the importance of promptly updating to the latest version to prevent potential exploitation and ensure the safety of AI applications and data.
