12 matches found
EUVD-2024-2753
Malicious code in bioql PyPI...
CVE-2024-45857
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded...
Deserialization Attack
Cleanlab is vulnerable to a deserialization attack. The vulnerability is due to improper handling of deserialization processes, where the system does not validate or sanitize the contents of the datalab.pkl file. It allows an attacker to execute arbitrary code on an end user’s system...
Cleanlab Deserialization of Untrusted Data vulnerability
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded...
GHSA-8CM9-RRGC-4PCJ Cleanlab Deserialization of Untrusted Data vulnerability
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded...
hyfi-ml (=0.2.0), miso (>=3.1.0 <=3.1.25) +2 more potentially affected by CVE-2024-45857 via cleanlab (>=2.5.0 <=2.6.3)
cleanlab PYPI version =2.5.0, =3.1.0, =0.0.50, =0.0.51 Source cves: CVE-2024-45857 Source advisory: OSV:GHSA-8CM9-RRGC-4PCJ...
CVE-2024-45857
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded...
CVE-2024-45857
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded...
CVE-2024-45857
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded...
CVE-2024-45857
CVE-2024-45857 affects Cleanlab 2.4.0 and newer. The root cause is deserialization of untrusted data via a crafted datalab.pkl when loading the data directory, enabling arbitrary code execution on the end user’s system. Public descriptions consistently state the issue but do not provide a confirm...
PT-2024-31814 · Cleanlab · Cleanlab
Name of the Vulnerable Software and Affected Versions: Cleanlab versions 2.4.0 or newer Description: The issue is related to the deserialization of untrusted data, which can occur in the Cleanlab project. This allows a maliciously crafted datalab.pkl file to run arbitrary code on an end user's...
Cleanlab Security Vulnerability
Cleanlab is a standard data-centric AI package open-sourced by Cleanlab. A security vulnerability exists in Cleanlab 2.4.0 and prior versions that stems from the presence of deserialization of untrusted data, where a maliciously crafted datalab.pkl file can run arbitrary code on an end-user's...