CVE-2024-34073 | Amazon sagemaker-python-sdk up to 2.214.2 os command injection (GHSA-7pc3-pr3q-58vg)

Inserito da Angelo Barbosa | Mag 3, 2024 | CVE

A vulnerability has been found in Amazon sagemaker-python-sdk up to 2.214.2 and classified as critical. Affected by this vulnerability is the function sagemaker.serve.save_retrive.version_1_0_0.save.utils. The manipulation leads to os command injection.

This vulnerability is known as CVE-2024-34073. The attack needs to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-34073 | Amazon sagemaker-python-sdk up to 2.214.2 os command injection (GHSA-7pc3-pr3q-58vg)

Post correlati

CVE-2024-1337 | SKT Page Builder Plugin up to 4.1 on WordPress authorization

CVE-2024-25453 | Axiomatic Bento4 1.6.0-640 GetSampleSize null pointer dereference

CVE-2023-42899 | Apple watchOS Image memory corruption

CVE-2024-25998 | Phoenix Contact CHARX SEC-3150 up to 1.5.0 OCPP Service command injection (VDE-2024-011)