Lucene search

CVE-2024-34072

🗓️ 03 May 2024 11:22:15Reported by GitHub_MType

sagemaker-python-sdk v2.218.0 NumpyDeserializer module allows remote code execution and denial of service due to insecure deserialization

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
OSV	GHSA-WJVX-JHPJ-R54R sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data	3 May 202420:25	–	osv
OSV	CVE-2024-34072	3 May 202411:15	–	osv
RedhatCVE	CVE-2024-34072	5 Feb 202511:18	–	redhatcve
NVD	CVE-2024-34072	3 May 202411:15	–	nvd
Cvelist	CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk	3 May 202410:13	–	cvelist
Github Security Blog	sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data	3 May 202420:25	–	github
Vulnrichment	CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk	3 May 202410:13	–	vulnrichment
Veracode	Deserialization Of Untrusted Data	6 May 202405:51	–	veracode

Vulners

Vulnrichment

Node

aws sagemaker_python_sdkRange<2.218.0

[
  {
    "vendor": "aws",
    "product": "sagemaker-python-sdk",
    "versions": [
      {
        "version": "< 2.218.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/aws/sagemaker-python-sdk/pull/4557
github	www.github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 May 2024 11:15Current

7.7High risk

Vulners AI Score7.7

CVSS37.8

EPSS0.00363

SSVC

CWE-502