Description
GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
FAQ
How could an attacker exploit this vulnerability?
An attacker could exploit this issue by publishing a malicious package named “geneformer” to the public PyPI registry using the same name referenced in the project’s requirements file. If a user installs the affected open‑source project and the installation process retrieves this malicious package instead of an intended legitimate one, the attacker’s code could run on the user’s system during installation. This could allow the attacker to execute unauthorized code.
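A defender-side check for the exposure described above, as an added example that is not part of the advisory or the project's code: it flags requirements entries that the installer would resolve purely by name from the package index, with no digest binding the artifact. The function name and the sample requirements text are assumptions constructed for illustration; the advisory does not reproduce the project's actual requirements file.

```python
import re

# Constructed sample input (not the project's real requirements file).
SAMPLE_REQUIREMENTS = """\
# constructed example input
numpy==1.26.4 --hash=sha256:<placeholder-digest>
geneformer
scanpy>=1.9
example-internal @ git+https://git.example.invalid/org/example-internal.git@<commit>
-r extra.txt
"""

NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def audit_requirements(text):
    """Return {package: [reasons]} for entries resolved by name only.

    An entry is reported when it is looked up by name on the configured
    index and lacks an exact version pin and/or a --hash digest. Direct
    references (name @ URL, VCS URLs) are skipped because they name their
    source explicitly instead of relying on a registry lookup.
    """
    findings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#") or line.startswith("-"):
            continue  # blank line, comment, or pip option such as -r / --index-url
        if "://" in line or re.search(r"\s@\s", line):
            continue  # direct URL or VCS reference, not a name lookup
        match = NAME_RE.match(line)
        if not match:
            continue  # local path or something this sketch does not parse
        rest = line[match.end():]
        reasons = []
        if "==" not in rest:
            reasons.append("no exact version pin")
        if "--hash=" not in rest:
            reasons.append("no --hash digest")
        if reasons:
            findings[match.group(1)] = reasons
    return findings


if __name__ == "__main__":
    for package, reasons in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{package}: {', '.join(reasons)}")
```

Once every entry carries a digest, `pip install --require-hashes -r requirements.txt` makes pip refuse any artifact whose hash does not match, whoever published it under that name.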
Updates
| Product | Article | Update |
|---|---|---|
| GitHub Repo: Zero Shot scFoundation | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 8.8 High
Related vulnerabilities
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
A vulnerability in the Zero Shot scFoundation software, caused by a vulnerability in a third-party component, that allows an attacker to execute arbitrary code