Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42603

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References7
NVD
NVD
added 2026/05/14 8:17 p.m.16 views

CVE-2026-8597

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS0.0039EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 10:1 p.m.1 views

GHSA-5R2P-PJR8-7FH7 SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality

Summary This advisory addresses the use of the searchhub function within the SageMaker Python SDK's JumpStart search functionality. An actor with the ability to control query parameters passed to the searchhub function could potentially provide malformed input that causes the eval function to...

8.4CVSS6.5AI score
Exploits0References4
NVD
NVD
added 2026/02/02 11:16 p.m.9 views

CVE-2026-1778

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2CVSS0.00244EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.3 views

PT-2024-25683

Name of the Vulnerable Software and Affected Versions sagemaker-python-sdk versions prior to 2.218.0 Description The issue concerns potentially unsafe deserialization in the sagemaker.base deserializers.NumpyDeserializer module when untrusted data is passed as pickled object arrays. This may allo...

7.8CVSS7.6AI score0.00408EPSS
Exploits0References16
Rows per page
Query Builder