CVE-2024-27320

EPSS 0.09%
Veröffentlicht 12.09.2024 13:15:11
Zuletzt bearbeitet 23.09.2024 13:56:48
Quelle 6f8de1f0-f67e-45a6-b68f-98777f
CVE-Watchlists
Login
Unerledigt
Login

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Refuel ≫ Autolabel Version >= 0.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.257

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6f8de1f0-f67e-45a6-b68f-98777fdb759c	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-1236 Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

https://hiddenlayer.com/sai-security-advisory/2024-09-autolabel/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27320

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27320

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27320

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-27320