CVE-2024-6507 | activeloopai deeplake up to 3.9.10 Kaggle ingest_kaggle command injection (jfsa-2024-0010)

Posted by Angelo Barbosa | Jul 4, 2024 | CVE

A vulnerability was found in activeloopai deeplake up to 3.9.10 and classified as critical. This issue affects the function ingest_kaggle of the component Kaggle Handler. The manipulation leads to command injection.

The identification of this vulnerability is CVE-2024-6507. The attack may be initiated remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-6507 | activeloopai deeplake up to 3.9.10 Kaggle ingest_kaggle command injection (jfsa-2024-0010)

Related Posts

CVE-2024-41940 | Siemens SINEC NMS up to 2.x os command injection (ssa-784301)

CVE-2024-31352 | Email Subscribers & Newsletters Plugin up to 5.7.13 on WordPress authorization

CVE-2024-25981 | Moodle prior 4.3.3/4.1.9 Forum Export access control

CVE-2024-38882 | Horizon Business Services Caterease up to 24.0.1.2405 SQL Server xp_cmdshell os command injection