Lucene search
Redhat.comRH:CVE-2024-34997HistoryMay 20, 2024 - 6:46 p.m.
CVE-2024-34997
2024-05-2018:46:18
redhat.com
access.redhat.com
8
joblib
v1.4.2
deserialization
vulnerability
numpyarraywrapper
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.5
Confidence
High
EPSS
0
Percentile
9.0%
A flaw was found in python-joblib. A deserialization vulnerability via the joblib.numpy_pickle::NumpyArrayWrapper().read_array() component uses the insecure pickle python library when used with untrusted inputs.
Related
ibm
ibm
Security Bulletin: IBM Maximo Application Suite Predict Component includes joblib-1.4.0-py3-none-any.whl which is vulnerable to this CVE-2024-34997
2024-07-31 07:43:27
vulnrichment
vulnrichment
CVE-2024-34997
2024-05-17 00:00:00
debiancve
debiancve
CVE-2024-34997
2024-05-17 19:15:07
nvd
nvd
CVE-2024-34997
2024-05-17 19:15:07
cve
cve
CVE-2024-34997
2024-05-17 19:15:07
osv
osv
CVE-2024-34997
2024-05-17 19:15:07
veracode
veracode
Deserialization Of Untrusted Data
2024-05-22 06:12:37
cvelist
cvelist
CVE-2024-34997
2024-05-17 00:00:00
ubuntucve
ubuntucve
CVE-2024-34997
2024-05-17 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.5
Confidence
High
EPSS
0
Percentile
9.0%
Related for RH:CVE-2024-34997