CVE-2024-10096

Опубликовано: 20 мар. 2025

Источник: redhat

CVSS3: 9.8

Описание

A flaw was found in the Dask Distributed Server. This vulnerability allows remote code execution via pickle serialization, enabling attackers to craft and send malicious objects for deserialization on the server.

Отчет

This CVE has been marked as Rejected by the assigning CNA.

Ссылки на источники

Дополнительная информация

Дефект:

CWE-77

https://bugzilla.redhat.com/show_bug.cgi?id=2353543github.com/dask/dask: Remote Unauthorized Pickle Deserialization Command Execution in dask/dask

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2024-10096

ubuntu

11 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2024-10096

nvd

11 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

GHSA-xqgj-r6xv-9cw4

CVSS3: 9.8

github

11 месяцев назад

Withdrawn Advisory: Dask Vulnerable to Command Injection

9.8 Critical

CVSS3