A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/bayuncao/vul-cve-20 | Broken Link |
https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py | Broken Link |
https://vuldb.com/?ctiid.280722 | Permissions Required |
https://vuldb.com/?id.280722 | Third Party Advisory |
https://vuldb.com/?submit.420055 | Third Party Advisory |
Configurations
History
29 Oct 2024, 17:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/bayuncao/vul-cve-20 - Broken Link | |
References | () https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py - Broken Link | |
References | () https://vuldb.com/?ctiid.280722 - Permissions Required | |
References | () https://vuldb.com/?id.280722 - Third Party Advisory | |
References | () https://vuldb.com/?submit.420055 - Third Party Advisory | |
First Time |
Informatik.hu-berlin
Informatik.hu-berlin flair |
|
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
CPE | cpe:2.3:a:informatik.hu-berlin:flair:0.14.0:*:*:*:*:*:*:* |
18 Oct 2024, 12:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-17 17:15
Updated : 2024-10-29 17:18
NVD link : CVE-2024-10073
Mitre link : CVE-2024-10073
CVE.ORG link : CVE-2024-10073
JSON object : View
Products Affected
informatik.hu-berlin
- flair
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')