{"data":{"id":"055218af-d22d-4ea7-b814-3b21c2c8ecc9","title":"CVE-2024-11392: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulner","summary":"Hugging Face Transformers MobileViTV2 has a vulnerability that lets attackers execute arbitrary code (run commands of their choosing) by tricking a user into visiting a malicious page or opening a malicious file that contains a specially crafted configuration file. The flaw occurs because the software does not properly validate data before deserializing it (converting it from a stored format back into in-memory objects), so untrusted data can lead to code execution.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-11392","publishedAt":"2024-11-23T03:15:06.970Z","cveId":"CVE-2024-11392","cweIds":["CWE-502"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["model_theft"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Hugging Face Transformers","MobileViTV2"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.53121,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}