423A35C7/LLaMA-Factory
1
0
Fork 0
mirror of https://github.com/hiyouga/LLaMA-Factory.git synced 2025-08-23 14:22:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit from fork

Browse Source 
[patch] Patch remote OS command injection vulnerability

Former-commit-id: b3aa80d54a67da45e9e237e349486fb9c162b2ac
This commit is contained in:
hoshi-hiyouga 2024-11-21 22:39:44 +08:00 committed by GitHub
commit 24419dd3f1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/llamafactory/webui/runner.py
View File

@ -320,7 +320,7 @@ class Runner:
if args.get("deepspeed", None) is not None: if args.get("deepspeed", None) is not None:
env["FORCE_TORCHRUN"] = "1" env["FORCE_TORCHRUN"] = "1"
self.trainer = Popen(f"llamafactory-cli train {save_cmd(args)}", env=env, shell=True) self.trainer = Popen(["llamafactory-cli", "train", save_cmd(args)], env=env)
yield from self.monitor() yield from self.monitor()
def _form_config_dict(self, data: Dict["Component", Any]) -> Dict[str, Any]: def _form_config_dict(self, data: Dict["Component", Any]) -> Dict[str, Any]: