116 matches found

OSV
added 2024/06/06 7:16 p.m. | 2 views

UBUNTU-CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

CVSS 4.7 | AI score 6 | EPSS 0.00187
Exploits: 0 | References: 4

CVE
added 2024/06/06 6:28 p.m. | 335 views

CVE-2024-5206

CVE-2024-5206 affects scikit-learn's TfidfVectorizer. The issue: training-data tokens are stored in stop_words_ (not just the TF‑IDF subset), risking leakage of sensitive data. Affected: scikit-learn versions up to 1.4.1.post1; fixed in 1.5.0. Reported base CVSS v3.1 score: 4.7 (MEDIUM) with LOCA...

CVSS 4.7 | AI score 4.5 | EPSS 0.00187
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/06/06 6:28 p.m. | 50 views

CVE-2024-5206 Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

CVSS 4.7 | EPSS 0.00187
Exploits: 0 | References: 2

Debian CVE
added 2024/06/06 6:28 p.m. | 17 views

CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

CVSS 4.7 | AI score 6 | EPSS 0.00187
Exploits: 0

Vulnrichment
added 2024/06/06 6:28 p.m. | 32 views

CVE-2024-5206 Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

CVSS 4.7 | AI score 6.6 | EPSS 0.00187
Exploits: 0 | References: 2

CNNVD
added 2024/06/06 12:0 a.m. | 3 views

scikit-learn Security Vulnerabilities

scikit-learn is an open source Python-based machine learning package that supports spam detection, image recognition, and prediction of continuous-valued attributes of associations. A security vulnerability exists in scikit-learn 1.4.1.post1 and earlier versions, which stems from accidentally...

CVSS 4.7 | AI score 6.5 | EPSS 0.00187
Exploits: 0 | References: 4

OSV
added 2024/06/04 12:31 p.m. | 5 views

GHSA-43C4-9QGJ-X742 MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 6.1 | EPSS 0.00618
Exploits: 1 | References: 3

OSV
added 2024/06/04 12:31 p.m. | 3 views

GHSA-7P8J-QV6X-F4G4 MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 6.1 | EPSS 0.00618
Exploits: 1 | References: 3

Github Security Blog
added 2024/06/04 12:31 p.m. | 22 views

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/06/04 12:31 p.m. | 20 views

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/06/04 12:31 p.m. | 19 views

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2024/06/04 12:31 p.m. | 1 views

GHSA-76CG-CFHX-373F MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 7.4 | EPSS 0.00618
Exploits: 1 | References: 3

NVD
added 2024/06/04 12:15 p.m. | 24 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 1

OSV
added 2024/06/04 12:15 p.m. | 5 views

CVE-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 6 | EPSS 0.00618
Exploits: 1 | References: 1

OSV
added 2024/06/04 12:15 p.m. | 5 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 6 | EPSS 0.00618
Exploits: 1 | References: 1

NVD
added 2024/06/04 12:15 p.m. | 31 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 1

NVD
added 2024/06/04 12:15 p.m. | 30 views

CVE-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 1

Vulnrichment
added 2024/06/04 12:1 p.m. | 24 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 1

Cvelist
added 2024/06/04 12:0 p.m. | 39 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 1

Vulnrichment
added 2024/06/04 12:0 p.m. | 22 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8 | AI score 8.8 | EPSS 0.00618
Exploits: 1 | References: 1