{"data":{"id":"28fc5eac-b3be-4e88-a2b6-0b5d6cd62918","title":"CVE-2024-37065: Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously","summary":"CVE-2024-37065 is a vulnerability in skops (a Python library) version 0.6 and newer where deserialization (the process of converting saved data back into usable code) of untrusted data can occur, allowing a maliciously crafted model file to run arbitrary code on a user's computer when loaded.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-37065","publishedAt":"2024-06-04T12:15:13.507Z","cveId":"CVE-2024-37065","cweIds":["CWE-502"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["model_theft","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["skops"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00142,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}