4 matches found
CVE-2024-6507
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingestkaggle API...
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning ML related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published...
CVE-2024-6507 Deep Lake Kaggle command injection
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingestkaggle API...
CVE-2024-6507
CVE-2024-6507 relates to a command injection in the Deep Lake AI database when ingesting a remote Kaggle dataset, caused by insufficient input sanitization in the ingest_kaggle() API. The vulnerability is described across multiple sources (NVD/Red Hat/Veracode) with a high impact profile (CVSS v3...