exploitDog

GHSA-gqfr-84mj-fvqr

Опубликовано: 14 мар. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.

Ссылки

EPSS

Процентиль: 29%

0.00106

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-94

Связанные уязвимости

CVE-2024-28424

CVSS3: 8.8

nvd

почти 2 года назад

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.

EPSS

Процентиль: 29%

0.00106

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-94