{"data":{"id":"d096f6d4-3693-4204-9496-a3edba3e5197","title":"CVE-2024-56137: MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large ","summary":"CVE-2024-56137 is a remote command execution vulnerability (a flaw that lets attackers run system commands from a distance) in MaxKB, an open source knowledge base system that uses RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions). Before version 1.9.0, privileged users could execute operating system commands through custom scripts, but this weakness has been patched in the newer version.","solution":"The vulnerability has been fixed in v1.9.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-56137","publishedAt":"2025-01-02T15:15:24.283Z","cveId":"CVE-2024-56137","cweIds":["CWE-78"],"cvssScore":"6.8","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["MaxKB","1Panel-dev"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.03104,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}