Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
A critical security flaw has been disclosed in theΒ llama_cpp_pythonΒ Python package that could be exploited by threat actors to achieve arbitrary code execution.
Tracked asΒ CVE-2024-34359Β (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.
"If exploited, it could allow attackers to execute arbitrary code on your system,