Added security testbed for llamafactory CVE-2024-52803 #185

mzfr · 2026-01-14T13:05:01Z

Added Llama factory CVE-2024-52803 plugin tsunami-security-scanner-plugins#751

giacomo-doyensec

Hello @mzfr, thanks for your contribution!
The overall testbed looks fine I just added some suggestions in the comments down below.

giacomo-doyensec · 2026-01-15T11:54:00Z

llama_factory/CVE-2024-52803/README.md

+- Run Vulnerable Version Only
+
+```bash
+docker-compose up llama-factory-vulnerable


Suggested change

docker-compose up llama-factory-vulnerable

docker compose up llama-factory-vulnerable

giacomo-doyensec · 2026-01-15T11:54:07Z

llama_factory/CVE-2024-52803/README.md

+- Run Safe/Patched Version Only
+
+```bash
+docker-compose up llama-factory-safe


Suggested change

docker-compose up llama-factory-safe

docker compose up llama-factory-safe

giacomo-doyensec · 2026-01-15T11:54:09Z

llama_factory/CVE-2024-52803/README.md

+- Run Both Versions Simultaneously
+
+```bash
+docker-compose up


Suggested change

docker-compose up

docker compose up

giacomo-doyensec · 2026-01-15T11:54:13Z

llama_factory/CVE-2024-52803/README.md

+Reference PoC: https://gist.github.com/superboy-zjc/f2d2b93ae511c445ba97e144b70e534d
+
+```sh
+uv run poc_verify.py --url http://localhost:7860 --cmd "echo poc-vuln"


Suggested change

uv run poc_verify.py --url http://localhost:7860 --cmd "echo poc-vuln"

uv run --with requests poc_verify.py --url http://localhost:<port> --cmd "echo poc-vuln"

Added security testbed for llamafactory CVE-2024-52803

e9b8862

giacomo-doyensec reviewed Jan 15, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Added security testbed for llamafactory CVE-2024-52803 #185

Added security testbed for llamafactory CVE-2024-52803 #185

mzfr commented Jan 14, 2026

Uh oh!

giacomo-doyensec left a comment

Uh oh!

giacomo-doyensec Jan 15, 2026

Uh oh!

giacomo-doyensec Jan 15, 2026

Uh oh!

giacomo-doyensec Jan 15, 2026

Uh oh!

giacomo-doyensec Jan 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

	docker-compose up llama-factory-vulnerable
	docker compose up llama-factory-vulnerable

	docker-compose up llama-factory-safe
	docker compose up llama-factory-safe

	uv run poc_verify.py --url http://localhost:7860 --cmd "echo poc-vuln"
	uv run --with requests poc_verify.py --url http://localhost:<port> --cmd "echo poc-vuln"

Added security testbed for llamafactory CVE-2024-52803 #185

Are you sure you want to change the base?

Added security testbed for llamafactory CVE-2024-52803 #185

Conversation

mzfr commented Jan 14, 2026

Uh oh!

giacomo-doyensec left a comment

Choose a reason for hiding this comment

Uh oh!

giacomo-doyensec Jan 15, 2026

Choose a reason for hiding this comment

Uh oh!

giacomo-doyensec Jan 15, 2026

Choose a reason for hiding this comment

Uh oh!

giacomo-doyensec Jan 15, 2026

Choose a reason for hiding this comment

Uh oh!

giacomo-doyensec Jan 15, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants