CVE-2024-45857
CVSS V2 None
CVSS V3 None
Description
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.
Overview
- CVE ID
- CVE-2024-45857
- Assigner
- HiddenLayer
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-12T12:53:43.963Z
- Last Modified Date
- 2024-09-12T14:43:45.118Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://hiddenlayer.com/sai-security-advisory/2024-09-cleanlab/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-45857 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45857 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-09-13 13:15:40 | Added to TrackCVE |