CVE-2024-0937

A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vanderschaarlab:temporai:0.2.9:*:*:*:*:*:*:*

History

21 Nov 2024, 08:47

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 6.3
References () https://github.com/bayuncao/vul-cve-6 - Broken Link () https://github.com/bayuncao/vul-cve-6 - Broken Link
References () https://github.com/bayuncao/vul-cve-6/blob/main/poc.py - Broken Link () https://github.com/bayuncao/vul-cve-6/blob/main/poc.py - Broken Link
References () https://vuldb.com/?ctiid.252182 - Permissions Required () https://vuldb.com/?ctiid.252182 - Permissions Required
References () https://vuldb.com/?id.252182 - Permissions Required () https://vuldb.com/?id.252182 - Permissions Required

01 Feb 2024, 15:50

Type Values Removed Values Added
References () https://vuldb.com/?id.252182 - () https://vuldb.com/?id.252182 - Permissions Required
References () https://github.com/bayuncao/vul-cve-6/blob/main/poc.py - () https://github.com/bayuncao/vul-cve-6/blob/main/poc.py - Broken Link
References () https://vuldb.com/?ctiid.252182 - () https://vuldb.com/?ctiid.252182 - Permissions Required
References () https://github.com/bayuncao/vul-cve-6 - () https://github.com/bayuncao/vul-cve-6 - Broken Link
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:vanderschaarlab:temporai:0.2.9:*:*:*:*:*:*:*

26 Jan 2024, 18:29

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-26 18:15

Updated : 2024-11-21 08:47


NVD link : CVE-2024-0937

Mitre link : CVE-2024-0937

CVE.ORG link : CVE-2024-0937


JSON object : View

Products Affected

vanderschaarlab

  • temporai
CWE
CWE-502

Deserialization of Untrusted Data