A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function `download_model` of the file buzz/model_loader.py. The manipulation leads to the creation of an insecure temporary file.
This vulnerability was named CVE-2024-10372. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
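The advisory does not show the affected code, so the following is an added example of the general mitigation for this weakness class in a Python download routine, not buzz's own code or a vendor patch. The names `write_download_atomically` and `dir_is_world_writable` are hypothetical, and the sketch assumes a POSIX host where the download arrives as an iterable of byte chunks.

```python
import os
import stat
import tempfile


def dir_is_world_writable(path):
    """True if any local user may create entries in `path` (e.g. a shared /tmp)."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def write_download_atomically(chunks, dest_path):
    """Write byte chunks to dest_path through a private, unpredictable temp file.

    The temp file lives next to the destination rather than in a shared temp
    directory, is created exclusively with owner-only permissions, and is
    renamed into place only after the data is fully written.
    """
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    os.makedirs(dest_dir, exist_ok=True)
    # mkstemp uses O_CREAT | O_EXCL, mode 0600 and a random name, so creation
    # fails instead of following a file or symlink another user planted.
    fd, tmp_path = tempfile.mkstemp(prefix=".download-", suffix=".part", dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in chunks:
                tmp.write(chunk)
            tmp.flush()
            os.fsync(tmp.fileno())
        # Atomic on one filesystem: readers see the old file or the complete new one.
        os.replace(tmp_path, dest_path)
    except BaseException:
        # Never leave a partial file behind for later code to pick up.
        try:
            os.unlink(tmp_path)
        except FileNotFoundError:
            pass
        raise
    return dest_path


if __name__ == "__main__":
    # Constructed sample input standing in for a streamed model download.
    target = os.path.join(tempfile.mkdtemp(), "model.bin")
    print(write_download_atomically([b"constructed ", b"payload"], target))
    print("shared directory:", dir_is_world_writable(os.path.dirname(target)))
```

`dir_is_world_writable` can be used as a pre-flight check to refuse or warn when the chosen download directory is shared with other local users.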