CVE-2024-0959

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.
Configurations

Configuration 1 (hide)

cpe:2.3:a:standford:gibsonenv:0.3.1:*:*:*:*:*:*:*

History

02 Feb 2024, 02:18

Type Values Removed Values Added
CPE cpe:2.3:a:standford:gibsonenv:0.3.1:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Standford gibsonenv
Standford
References () https://vuldb.com/?ctiid.252204 - () https://vuldb.com/?ctiid.252204 - Permissions Required
References () https://github.com/bayuncao/vul-cve-7 - () https://github.com/bayuncao/vul-cve-7 - Broken Link
References () https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl - () https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl - Broken Link
References () https://vuldb.com/?id.252204 - () https://vuldb.com/?id.252204 - Permissions Required

27 Jan 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-27 11:15

Updated : 2024-05-17 02:35


NVD link : CVE-2024-0959

Mitre link : CVE-2024-0959

CVE.ORG link : CVE-2024-0959


JSON object : View

Products Affected

standford

  • gibsonenv
CWE
CWE-502

Deserialization of Untrusted Data