CVE-2024-34073

The CVE concerns the sagemaker-python-sdk, where the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils allows potentially unsafe OS command injection if a malicious requirements_path is passed. This could enable remote code execution, denial of service, and co...

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

SageMaker Python SDK 安全漏洞

SageMaker Python SDK is an open source library open sourced by Amazon Web Services. It is used for training and deploying machine learning models on Amazon SageMaker. A security vulnerability exists in the SageMaker Python SDK prior to version 2.214.3, which stems from a command injection...