Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization
Vulnerability Description
A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-254530 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
van_der_Schaar LAB AutoPrognosis 代码问题漏洞
Vulnerability Description
AutoPrognosis是van_der_Schaar LAB开源的一种针对临床预后的预测建模管道的系统。 van_der_Schaar LAB AutoPrognosis 0.1.21版本存在代码问题漏洞,该漏洞源于组件Release Note Handler中的load_model_from_file函数存在安全漏洞,导致反序列化。
CVSS Information
N/A
Vulnerability Type
N/A