{"data":{"id":"24b9f939-b723-41de-a55c-aa7e907da1e3","title":"CVE-2024-5206: A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to 1.4.1.post1","summary":"A vulnerability in scikit-learn's TfidfVectorizer (a tool that converts text into numerical data for machine learning) caused the fitted `stop_words_` attribute to store every word from the training data instead of only the necessary ones, so the fitted vectorizer could leak sensitive information such as passwords or keys that appeared in that data. Versions up to 1.4.1.post1 are affected; the actual risk depends on what type of data is being processed.","solution":"Fixed in version 1.5.0.","labels":["security","privacy"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-5206","publishedAt":"2024-06-06T23:16:06.363Z","cveId":"CVE-2024-5206","cweIds":["CWE-921","CWE-922"],"cvssScore":"4.7","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["scikit-learn"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00037,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}