5 matches found
CVE-2024-7340
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published...
CVE-2024-7340
creationtimestamp| type| source
---|---|---
2024-07-31 17:40:20+00:00| seen| https://t.me/cvedetector/2146
2024-09-17 09:09:01+00:00| published-proof-of-concept| https://t.me/G18Division/34
2024-09-17 20:40:45+00:00| published-proof-of-concept| https://t.me/whoisAlixan/2908
2024-10-15...
CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...