Deserialization Attack

Cleanlab is vulnerable to Deserialization Attack. The vulnerability is due to improper handling of deserialization processes, where the system does not validate or sanitize the contents of the datalab.pkl file, It allows an attacker to execute arbitrary code on an end user’s system...

hyfi-ml (=0.2.0), miso (>=3.1.0 <=3.1.25) +2 more potentially affected by CVE-2024-45857 via cleanlab (>=2.5.0 <=2.6.3)

cleanlab PYPI version =2.5.0, =3.1.0, =0.0.50, =0.0.51 Source cves: CVE-2024-45857 Source advisory: OSV:GHSA-8CM9-RRGC-4PCJ...

PT-2024-31814 · Cleanlab · Cleanlab

Name of the Vulnerable Software and Affected Versions: Cleanlab versions 2.4.0 or newer Description: The issue is related to the deserialization of untrusted data, which can occur in the Cleanlab project. This allows a maliciously crafted datalab.pkl file to run arbitrary code on an end user's...

Cleanlab 安全漏洞

Cleanlab is a standard data-centric AI package open-sourced by Cleanlab. A security vulnerability exists in Cleanlab 2.4.0 and prior versions that stems from the presence of deserialization of untrusted data, where a maliciously crafted datalab.pkl file can run arbitrary code on an end-user's...