CVE-2024-0960 | flink-extended ai-flow 0.3.1 workflow_command.py cloudpickle.loads deserialization

Inserito da Angelo Barbosa | Gen 26, 2024 | CVE

A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file ai_flowclicommandsworkflow_command.py. The manipulation leads to deserialization.

This vulnerability is known as CVE-2024-0960. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-0960 | flink-extended ai-flow 0.3.1 workflow_command.py cloudpickle.loads deserialization

Post correlati

CVE-2024-2882 | SDG Technologies PnPSCADA up to 3.x authorization (icsa-24-179-02)

CVE-2023-49566 | Apache Linkis DataSource up to 1.5.0 JDBC Datasource Module of injection

CVE-2024-27694 | FlyCMS 1.0 ztree_category_edit cross-site request forgery

CVE-2024-34171 | Fuji Electric Monitouch V-SFT stack-based overflow (icsa-24-151-02)