CVE-2024-0959

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.
Configurations

Configuration 1 (hide)

cpe:2.3:a:standford:gibsonenv:0.3.1:*:*:*:*:*:*:*

History

21 Nov 2024, 08:47

Type Values Removed Values Added
References () https://github.com/bayuncao/vul-cve-7 - Broken Link () https://github.com/bayuncao/vul-cve-7 - Broken Link
References () https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl - Broken Link () https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl - Broken Link
References () https://vuldb.com/?ctiid.252204 - Permissions Required () https://vuldb.com/?ctiid.252204 - Permissions Required
References () https://vuldb.com/?id.252204 - Permissions Required () https://vuldb.com/?id.252204 - Permissions Required
CVSS v2 : 5.1
v3 : 9.8
v2 : 5.1
v3 : 5.0

02 Feb 2024, 02:18

Type Values Removed Values Added
CPE cpe:2.3:a:standford:gibsonenv:0.3.1:*:*:*:*:*:*:*
References () https://vuldb.com/?ctiid.252204 - () https://vuldb.com/?ctiid.252204 - Permissions Required
References () https://github.com/bayuncao/vul-cve-7 - () https://github.com/bayuncao/vul-cve-7 - Broken Link
References () https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl - () https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl - Broken Link
References () https://vuldb.com/?id.252204 - () https://vuldb.com/?id.252204 - Permissions Required
First Time Standford gibsonenv
Standford
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

27 Jan 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-27 11:15

Updated : 2024-11-21 08:47


NVD link : CVE-2024-0959

Mitre link : CVE-2024-0959

CVE.ORG link : CVE-2024-0959


JSON object : View

Products Affected

standford

  • gibsonenv
CWE
CWE-502

Deserialization of Untrusted Data