A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \ai_flow\cli\commands\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/bayuncao/vul-cve-8 | Broken Link |
https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl | Broken Link |
https://vuldb.com/?ctiid.252205 | Permissions Required |
https://vuldb.com/?id.252205 | Third Party Advisory |
https://github.com/bayuncao/vul-cve-8 | Broken Link |
https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl | Broken Link |
https://vuldb.com/?ctiid.252205 | Permissions Required |
https://vuldb.com/?id.252205 | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/bayuncao/vul-cve-8 - Broken Link | |
References | () https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl - Broken Link | |
References | () https://vuldb.com/?ctiid.252205 - Permissions Required | |
References | () https://vuldb.com/?id.252205 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 5.0 |
02 Feb 2024, 02:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Flink-extended aiflow
Flink-extended |
|
References | () https://vuldb.com/?ctiid.252205 - Permissions Required | |
References | () https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl - Broken Link | |
References | () https://vuldb.com/?id.252205 - Third Party Advisory | |
References | () https://github.com/bayuncao/vul-cve-8 - Broken Link | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:flink-extended:aiflow:0.3.1:*:*:*:*:*:*:* |
27 Jan 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-27 12:15
Updated : 2024-11-21 08:47
NVD link : CVE-2024-0960
Mitre link : CVE-2024-0960
CVE.ORG link : CVE-2024-0960
JSON object : View
Products Affected
flink-extended
- aiflow
CWE
CWE-502
Deserialization of Untrusted Data