2 matches found
The Art of Hide and Seek: Making Pickle-Based Model Supply Chain Poisoning Stealthy Again
Pickle deserialization vulnerabilities have persisted throughout Python's history, remaining widely recognized yet unresolved. Due to its ability to transparently save and restore complex objects into byte streams, many AI/ML frameworks continue to adopt pickle as the model serialization protocol...
Local Privilege Escalation
Mongosh is vulnerable to local privilege escalation. The vulnerability is due to improper handling of library loading paths, where mongosh searches for and executes files from C:\nodemodules\ without proper validation, allowing an attacker to place a malicious file and gain elevated privileges...