CVE-2024-6507 | activeloopai deeplake up to 3.9.10 Kaggle ingest_kaggle command injection (jfsa-2024-0010)

Inserito da Angelo Barbosa | Lug 4, 2024 | CVE

A vulnerability was found in activeloopai deeplake up to 3.9.10 and classified as critical. This issue affects the function ingest_kaggle of the component Kaggle Handler. The manipulation leads to command injection.

The identification of this vulnerability is CVE-2024-6507. The attack may be initiated remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-6507 | activeloopai deeplake up to 3.9.10 Kaggle ingest_kaggle command injection (jfsa-2024-0010)

Post correlati

CVE-2024-22922 | Project Worlds Visitor Management Systemin 1.0 Login Page POST/index.php Privilege Escalation

CVE-2024-40518 | SeaCMS 12.9 admin_weixin.php Remote Code Execution

CVE-2024-24890 | openEuler gala-gopher up to 1.0.2 on Linux os command injection

CVE-2024-24754 | brefphp bref up to 2.1.12 RequestHandlerInterface interpretation conflict