False positives caused by template tooling.

#10
by Lewdiculous - opened

https://protectai.com/insights/models/Lewdiculous/c4ai-command-r7b-12-2024-GGUF-IQ-ARM-Imatrix/cbd8f6f6f4e521405ae335efca36705269bdf29a/files?blob-id=94522be24270fedb6903b8ffd6561b800791eabc&threat=PAIT-GGUF-101

Using the latest repo commits when quantizing the model leads to detections of "GGUF Model Template Containing Arbitrary Code Execution Detected" for the quants.

Commit that led to the issue: https://huggingface.co./CohereForAI/c4ai-command-r7b-12-2024/commit/e8aabc6cdb30e851a2fdd21a27b4ba0fccff8624

Previous vs Current:
https://www.diffchecker.com/HJ5zHE2p/

https://github.com/ggerganov/llama.cpp/issues/11077:

It may be because of {{ tool_msg.content|tojson }} which generates JSON objects dynamically. This structure appears to be common in scripts that send requests to remote servers, a behavior that some trojans exhibit.
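An added example, not code from this discussion, from llama.cpp, or from ProtectAI: a minimal reader for the GGUF key/value header that pulls `tokenizer.chat_template` out of a quant and reports which Jinja constructs appear in it, so the author of a quant can see for themselves what a scanner is likely reacting to. The GGUF bytes are constructed inline (a three-key header with no tensors), the chat template fragment is a constructed stand-in that contains the `{{ tool_msg.content|tojson }}` expression named above, and the indicator list is an illustrative assumption, not ProtectAI's actual signature.

```python
"""Added example: read GGUF metadata and triage the Jinja chat template.

Not code from the discussion, llama.cpp or ProtectAI. The sample GGUF blob is
constructed below; the indicator patterns are an assumption for illustration.
"""
import re
import struct

GGUF_MAGIC = b"GGUF"
# GGUF metadata value type ids from the gguf spec (only the ones used here).
T_UINT32, T_STRING, T_ARRAY = 4, 8, 9
# Struct formats for the scalar value types (little endian, no padding).
_SCALAR = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i",
           6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}


def _read_string(buf, pos):
    """gguf_string: uint64 byte length followed by UTF-8 bytes."""
    (n,) = struct.unpack_from("<Q", buf, pos)
    pos += 8
    return buf[pos:pos + n].decode("utf-8"), pos + n


def _read_value(buf, pos, vtype):
    """Decode one metadata value of type vtype starting at pos."""
    if vtype == T_STRING:
        return _read_string(buf, pos)
    if vtype == T_ARRAY:
        etype, n = struct.unpack_from("<IQ", buf, pos)
        pos += 12
        items = []
        for _ in range(n):
            item, pos = _read_value(buf, pos, etype)
            items.append(item)
        return items, pos
    fmt = _SCALAR[vtype]
    (value,) = struct.unpack_from(fmt, buf, pos)
    return value, pos + struct.calcsize(fmt)


def read_gguf_metadata(buf):
    """Return the key/value metadata of a GGUF file as a dict."""
    if buf[:4] != GGUF_MAGIC:
        raise ValueError("not a GGUF file")
    _version, _n_tensors, n_kv = struct.unpack_from("<IQQ", buf, 4)
    pos = 24  # 4 magic + 4 version + 8 tensor_count + 8 kv_count
    meta = {}
    for _ in range(n_kv):
        key, pos = _read_string(buf, pos)
        (vtype,) = struct.unpack_from("<I", buf, pos)
        pos += 4
        meta[key], pos = _read_value(buf, pos, vtype)
    return meta


# Illustrative indicators (assumption, not ProtectAI's rule set): the filter the
# llama.cpp issue points at, plus Jinja attribute walks that a chat template
# has no legitimate reason to contain.
INDICATORS = {
    "tojson filter (JSON serialisation of tool output)": re.compile(r"\|\s*tojson\b"),
    "dunder attribute access": re.compile(r"__(class|globals|subclasses|import|builtins|mro)__"),
    "attr filter": re.compile(r"\|\s*attr\("),
}


def scan_chat_template(template):
    """Return the sorted names of indicators found in a Jinja template string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(template))


def triage(buf):
    """Read a GGUF blob and report findings on its chat template."""
    meta = read_gguf_metadata(buf)
    template = meta.get("tokenizer.chat_template", "")
    return {"architecture": meta.get("general.architecture"),
            "findings": scan_chat_template(template)}


# --- constructed sample input -------------------------------------------------
def _string(s):
    b = s.encode("utf-8")
    return struct.pack("<Q", len(b)) + b


def build_gguf_header(kv):
    """Build a tensor-less GGUF v3 header from {key: (type, value)} for testing."""
    out = GGUF_MAGIC + struct.pack("<IQQ", 3, 0, len(kv))
    for key, (vtype, value) in kv.items():
        out += _string(key) + struct.pack("<I", vtype)
        if vtype == T_STRING:
            out += _string(value)
        elif vtype == T_UINT32:
            out += struct.pack("<I", value)
        else:
            raise ValueError("builder supports string and uint32 only")
    return out


# Constructed stand-in for a tool-call section of a chat template; the tojson
# expression is the one the llama.cpp issue names.
SAMPLE_TEMPLATE = (
    "{% for tool_msg in tool_messages %}"
    "<|START_RESPONSE|>{{ tool_msg.content|tojson }}<|END_RESPONSE|>"
    "{% endfor %}"
)
SAMPLE_GGUF = build_gguf_header({
    "general.architecture": (T_STRING, "cohere2"),   # constructed value
    "cohere2.context_length": (T_UINT32, 8192),      # constructed value
    "tokenizer.chat_template": (T_STRING, SAMPLE_TEMPLATE),
})

if __name__ == "__main__":
    print(triage(SAMPLE_GGUF))
```

On a real quant, replace `SAMPLE_GGUF` with the first few megabytes of the file (the metadata block precedes the tensor data, so the whole file need not be read). Seeing only the tojson indicator, as here, tells the quant author the hit comes from JSON serialisation of tool output rather than from anything that reaches outside the template sandbox.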
