{"data":{"id":"3aae84ee-bd1a-435d-8dfd-e31ab6993b3a","title":"CVE-2024-34072: sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker NumpyDeserializer module before 2.218.0 allows unsafe deserialization of untrusted pickled numpy object arrays.","summary":"A vulnerability in the sagemaker-python-sdk library (used for machine learning on Amazon SageMaker) allows unsafe deserialization, where the NumpyDeserializer module can execute malicious code if it processes untrusted pickled data (serialized Python objects stored in a binary format). An attacker could exploit this to run arbitrary commands on a system or crash it.","solution":"Upgrade to sagemaker-python-sdk version 2.218.0 or later. If unable to upgrade, do not process pickled numpy object arrays from untrusted sources or data that could have been modified by others. Only use pickled numpy object arrays from sources you trust.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-34072","publishedAt":"2024-05-03T11:15:22.260Z","cveId":"CVE-2024-34072","cweIds":["CWE-502"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon SageMaker","sagemaker-python-sdk"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00593,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}