Опубликовано: 12 сент. 2024
Источник: github
Github: Прошло ревью
CVSS4: 8.6
CVSS3: 7.8
Описание
Cleanlab Deserialization of Untrusted Data vulnerability
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.
Пакеты
Наименование
cleanlab
pip
Затронутые версииВерсия исправления
>= 2.4.0, <= 2.6.6
Отсутствует
Связанные уязвимости
CVSS3: 7.8
nvd
больше 1 года назад
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.