CVE-2024-0936

A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vanderschaarlab:temporai:0.0.3:*:*:*:*:*:*:*

History

21 Nov 2024, 08:47

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 8.8
v2 : 7.5
v3 : 6.3
References () https://github.com/bayuncao/vul-cve-5 - Broken Link () https://github.com/bayuncao/vul-cve-5 - Broken Link
References () https://github.com/bayuncao/vul-cve-5/blob/main/poc.py - Broken Link () https://github.com/bayuncao/vul-cve-5/blob/main/poc.py - Broken Link
References () https://vuldb.com/?ctiid.252181 - Permissions Required () https://vuldb.com/?ctiid.252181 - Permissions Required
References () https://vuldb.com/?id.252181 - Permissions Required () https://vuldb.com/?id.252181 - Permissions Required

01 Feb 2024, 16:27

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:vanderschaarlab:temporai:0.0.3:*:*:*:*:*:*:*
References () https://vuldb.com/?ctiid.252181 - () https://vuldb.com/?ctiid.252181 - Permissions Required
References () https://vuldb.com/?id.252181 - () https://vuldb.com/?id.252181 - Permissions Required
References () https://github.com/bayuncao/vul-cve-5 - () https://github.com/bayuncao/vul-cve-5 - Broken Link
References () https://github.com/bayuncao/vul-cve-5/blob/main/poc.py - () https://github.com/bayuncao/vul-cve-5/blob/main/poc.py - Broken Link

26 Jan 2024, 18:29

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-26 17:15

Updated : 2024-11-21 08:47


NVD link : CVE-2024-0936

Mitre link : CVE-2024-0936

CVE.ORG link : CVE-2024-0936


JSON object : View

Products Affected

vanderschaarlab

  • temporai
CWE
CWE-502

Deserialization of Untrusted Data