CVE-2024-10073 | flairNLP flair 0.14.0 Mode File Loader clustering.py ClusteringModel code injection

Posted by Angelo Barbosa | Oct 17, 2024 | CVE

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flairmodelsclustering.py of the component Mode File Loader. The manipulation leads to code injection.

This vulnerability is traded as CVE-2024-10073. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10073 | flairNLP flair 0.14.0 Mode File Loader clustering.py ClusteringModel code injection

Related Posts

CVE-2024-2942 | Campcodes Online Examination System 1.0 deleteQuestionExe.php id sql injection

CVE-2024-34457 | Apache StreamPark up to 2.1.3 privileges management

CVE-2024-42366 | vrcx-team VRCX prior 2024.03.23 privileges management (GHSA-j98g-mgjm-wqph)

CVE-2024-1562 | WooCommerce Google Sheet Connector Plugin up to 1.3.11 on WordPress authorization