423A35C7/LLaMA-Factory
1
0
Fork 0
mirror of https://github.com/hiyouga/LLaMA-Factory.git synced 2025-08-23 06:12:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

[patch] Patch remote OS command injection vulnerability

Browse Source 
Former-commit-id: aa6a174d6822340022433c5ba38182b4932adecb
This commit is contained in:
superboy-zjc 2024-11-21 01:50:59 -05:00
parent 4d49dc0559
commit e272f87849
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/llamafactory/webui/runner.py
View File

@ -320,7 +320,12 @@ class Runner:
if args.get("deepspeed", None) is not None:
env["FORCE_TORCHRUN"] = "1"
self.trainer = Popen(f"llamafactory-cli train {save_cmd(args)}", env=env, shell=True)
cmd = [
"llamafactory-cli",
"train",
*save_cmd(args).split(),
]
self.trainer = Popen(cmd, env=env)
yield from self.monitor()
def _form_config_dict(self, data: Dict["Component", Any]) -> Dict[str, Any]: