漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk
Vulnerability Description
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output location may have the ability to upload arbitrary artifacts which are executed the next time the Training Job is invoked.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
Amazon SageMaker Python SDK 安全漏洞
Vulnerability Description
Amazon SageMaker Python SDK是美国亚马逊(Amazon)公司的一个构件、训练和部署机器学习模型的开发者工具包。 Amazon SageMaker Python SDK v3.2.0之前版本和v2.256.0之前版本存在安全漏洞,该漏洞源于DescribeTrainingJob函数的明文响应中包含ModelBuilder HMAC签名密钥,可能导致第三方上传并执行任意工件。
CVSS Information
N/A
Vulnerability Type
N/A