Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Cleanlab 安全漏洞
Vulnerability Description
Cleanlab是Cleanlab开源的一个以数据为中心的标准 AI 软件包。 Cleanlab 2.4.0及之前版本存在安全漏洞,该漏洞源于存在不受信任的数据的反序列化,恶意制作的datalab.pkl文件可以在加载数据目录时在最终用户的系统上运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A