A vulnerability was found in StanfordVL GibsonEnv 0.3.1 and has been classified as critical. It affects the function cloudpickle.load in the file gibson\utils\pposgd_fuse.py. Manipulation leads to deserialization. The attack can be launched remotely. The attack complexity is rather high, and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.
References
Link | Resource |
---|---|
https://github.com/bayuncao/vul-cve-7 | Broken Link |
https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl | Broken Link |
https://vuldb.com/?ctiid.252204 | Permissions Required |
https://vuldb.com/?id.252204 | Permissions Required |
History
21 Nov 2024, 08:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/bayuncao/vul-cve-7 - Broken Link | |
References | () https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl - Broken Link | |
References | () https://vuldb.com/?ctiid.252204 - Permissions Required | |
References | () https://vuldb.com/?id.252204 - Permissions Required | |
CVSS | v2 : v3 : | v2 : 5.1 v3 : 5.0 |
02 Feb 2024, 02:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:standford:gibsonenv:0.3.1:*:*:*:*:*:*:* | |
References | () https://vuldb.com/?ctiid.252204 - Permissions Required | |
References | () https://github.com/bayuncao/vul-cve-7 - Broken Link | |
References | () https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl - Broken Link | |
References | () https://vuldb.com/?id.252204 - Permissions Required | |
First Time | Standford gibsonenv, Standford | |
CVSS | v2 : v3 : | v2 : unknown v3 : 9.8 |
27 Jan 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-27 11:15
Updated : 2024-11-21 08:47
NVD link : CVE-2024-0959
Mitre link : CVE-2024-0959
CVE.ORG link : CVE-2024-0959
Products Affected
standford
- gibsonenv
CWE
CWE-502
Deserialization of Untrusted Data