Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
flink-extended ai-flow workflow_command.py cloudpickle.loads deserialization
Vulnerability Description
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \ai_flow\cli\commands\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
ai-flow 代码问题漏洞
Vulnerability Description
ai-flow是一个连接大数据和人工智能的开源框架。 flink-extended ai-flow 0.3.1 版本存在代码问题漏洞,该漏洞源于ai_flowclicommandsworkflow_command.py 中的函数cloudpickle.loads存在安全问题,导致反序列化。
CVSS Information
N/A
Vulnerability Type
N/A