5 matches found
CVE-2024-34073
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...
anymodality (=0.1.0), autogluon-cloud (>=0.1.1b20230324 <=0.2.1b20230929) +19 more potentially affected by CVE-2024-34073 via sagemaker (>=1.52.1 <=2.207.1)
sagemaker PYPI version =1.52.1, =0.1.1b20230324, =0.9.0, =0.2.8, =1.97.0.dev0, =1.0.0, =1.0.0, =0.7.3, =0.1.2, =0.0.9, =0.1.6, =0.2.0, =0.5.1 and more Source cves: CVE-2024-34073 Source advisory: OSV:GHSA-7PC3-PR3Q-58VG...
CVE-2024-34073
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...
CVE-2024-34073
The CVE concerns the sagemaker-python-sdk, where the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils allows potentially unsafe OS command injection if a malicious requirements_path is passed. This could enable remote code execution, denial of service, and co...
CVE-2024-34073 Command Injection in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...