Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution
Vulnerability Description
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.
CVSS Information
N/A
Vulnerability Type
不充分的类型区分
Vulnerability Title
Skops 安全漏洞
Vulnerability Description
Skops是Skops项目的一个 Python 库,可帮助共享基于 scikit-learn 的模型并将其投入生产。 Skops 0.11.0及之前版本存在安全漏洞,该漏洞源于OperatorFuncNode不一致性,可能导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A