CVE-2024-29032

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-29032
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29032.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-29032
Aliases
Published
2024-03-20T21:15:31Z
Modified
2024-10-12T11:21:28.136063Z
Summary
[none]
Details

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.

References

Affected packages

Git / github.com/qiskit/qiskit-ibm-runtime

Affected ranges

Type
GIT
Repo
https://github.com/qiskit/qiskit-ibm-runtime
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b78fca114133051805d00043a404b25a33835f4d

Affected versions

0.*

0.1.0
0.1.0rc1
0.1.0rc2
0.10.0
0.11.0
0.11.1
0.11.2
0.11.3
0.12.0
0.12.1
0.12.2
0.13.0
0.14.0
0.15.0
0.15.1
0.16.0
0.16.1
0.17.0
0.18.0
0.19.0
0.19.1
0.2.0
0.20.0
0.21.0
0.21.1
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.7.0rc1
0.7.0rc2
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4