CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.
Configurations

No configuration.

History

21 Nov 2024, 09:06

Type Values Removed Values Added
References () https://github.com/bayuncao/vul-cve-18 - () https://github.com/bayuncao/vul-cve-18 -

01 Aug 2024, 13:49

Type Values Removed Values Added
CWE CWE-94
Summary
  • (es) Se descubrió que zenml v0.55.4 contenía una vulnerabilidad de carga de archivos arbitraria en la función de carga en /materializers/cloudpickle_materializer.py. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario cargando un archivo manipulado.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

14 Mar 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-14 19:15

Updated : 2024-11-21 09:06


NVD link : CVE-2024-28424

Mitre link : CVE-2024-28424

CVE.ORG link : CVE-2024-28424


JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')