exploitDog

CVE-2024-28425

Опубликовано: 14 мар. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.

Ссылки

https://github.com/bayuncao/vul-cve-17
Broken Link
https://github.com/bayuncao/vul-cve-17
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linkedin:greykite:1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00101

Низкий

7.5 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-f892-3gpj-v83f

CVSS3: 7.5

github

почти 2 года назад

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.

EPSS

Процентиль: 28%

0.00101

Низкий

7.5 High

CVSS3

Дефекты

CWE-434