CVE-2024-10372 | chidiwilliams buzz 1.1.0 buzz/model_loader.py download_model temp file

Inserito da Angelo Barbosa | Ott 24, 2024 | CVE

A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file.

This vulnerability was named CVE-2024-10372. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10372 | chidiwilliams buzz 1.1.0 buzz/model_loader.py download_model temp file

Post correlati

CVE-2024-25567 | Delta Electronics DIAEnergie prior 1.10.00.005 path traversal (icsa-24-074-12)

CVE-2024-47084 | Gradio up to 4.43 improper authorization (GHSA-3c67-5hwx-f6wx)

CVE-2023-52220 | MonsterInsights Google Analytics Plugin up to 8.21.0 on WordPress authorization

CVE-2024-43152 | iberezansky 3D FlipBook Plugin up to 1.15.6 on WordPress cross site scripting