2 matches found
autogluon (>=0.5.0 <=0.5.1b20220718), autogluon-text (>=0.5.0 <=0.5.1b20220718) +1 more potentially affected by unknown CVE via autogluon-multimodal (>=0.5.0 <=0.5.1b20220718)
autogluon-multimodal PYPI version =0.5.0, =0.5.0, =0.5.0, =1.0.0, =1.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-6H2X-4GJF-JC5W...
GHSA-6H2X-4GJF-JC5W autogluon.multimodal vulnerable to unsafe YAML deserialization
Impact A potential unsafe deserialization issue exists within the autogluon.multimodal module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of untrusted data may allow an unprivileged third party to cause remote code execution, denial of service, and...