Critical severity · NVD Advisory · Published Jan 21, 2024 · Updated May 30, 2025
CVE-2024-23730
Description
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| llama-hub (PyPI) | < 0.0.67 | 0.0.67 |
Affected products
- LlamaHub/llama-hub
References
- github.com/advisories/GHSA-297x-2qf3-jrj3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-23730 (ghsa, ADVISORY)
- github.com/run-llama/llama-hub/blob/v0.0.67/CHANGELOG.md (ghsa, WEB)
- github.com/run-llama/llama-hub/commit/c01416e737c7747a213a79881b8308c41d043515 (ghsa, WEB)
- github.com/run-llama/llama-hub/pull/841/commits/9dc9c21a5c6d0226d1d2101c3121d4f085743d52 (ghsa, WEB)
- github.com/run-llama/llama-hub/releases/tag/v0.0.67 (ghsa, WEB)