PYSEC-2024-21

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/temporai/PYSEC-2024-21.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2024-21
Aliases
Published
2024-01-26T17:15:00Z
Modified
2024-02-01T18:56:43.639110Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability classified as critical was found in vanderSchaar LAB TemporAI 0.0.3. This vulnerability affects the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and immediately confirmed the existence of the issue. A patch is planned to be released in February 2024.

References

Affected packages

PyPI / temporai

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.0.0
0.0.1.dev0
0.0.1
0.0.2
0.0.3