CVE-2024-10372
CVE-2024-10372 — chidiwilliams buzz 1.1.0 is affected through the function download_model in buzz/model_loader.py, where misuse creates an insecure temporary file. Attacks can be launched locally with high attack complexity and minimal privileges, and the vulnerability has been publicly disclosed...