CVE-2024-34073: sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected ve
Summary
A vulnerability in sagemaker-python-sdk (a library for machine learning on Amazon SageMaker) allows OS command injection (running unauthorized system commands) if unsafe input is passed to the capture_dependencies function's requirements_path parameter, potentially letting attackers execute code remotely or disrupt service. The vulnerability affects versions before 2.214.3.
Solution / Mitigation
Upgrade to version 2.214.3 or later. Alternatively, users unable to upgrade should not override the "requirements_path" parameter of the capture_dependencies function and instead use the default value.
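A check for the mitigation above, as an added example (not code from the advisory or from the SDK): it flags requirements entries for the PyPI package sagemaker that can resolve to a release older than 2.214.3, and reports whether the installed build is affected. The function names and the sample requirement lines are constructed for illustration.

```python
import re
from importlib import metadata

FIXED = (2, 214, 3)  # first fixed release, per the advisory
# "sagemaker", optional extras, then the version specifier.
# The lookahead keeps sibling names such as "sagemaker-core" from matching.
_REQ = re.compile(r"^\s*sagemaker(?![\w.-])(?:\[[^\]]*\])?(?P<spec>[^;#]*)", re.I)
_CLAUSE = re.compile(r"(==|>=|<=|~=|!=|<|>)\s*(\d+(?:\.\d+)*)")

def parse(version):
    """'2.214' -> (2, 214, 0); suffixes such as 'rc1' or '.post1' are dropped."""
    nums = [int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group(0).split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version):
    """True if this exact version predates the fixed release."""
    return parse(version) < FIXED

def allows_affected(spec):
    """True unless some lower bound already excludes every release before FIXED.
    Conservative: '>2.214.2' is still flagged, and an unpinned entry always is."""
    lower = [parse(v) for op, v in _CLAUSE.findall(spec) if op in ("==", ">=", "~=", ">")]
    return not any(v >= FIXED for v in lower)

def audit(requirements_text):
    """Return (line_number, line) for each sagemaker entry that can resolve below FIXED."""
    findings = []
    for n, line in enumerate(requirements_text.splitlines(), 1):
        m = _REQ.match(line)
        if m and allows_affected(m.group("spec")):
            findings.append((n, line.strip()))
    return findings

def installed_affected():
    """None if sagemaker is not installed, else whether the installed build is affected."""
    try:
        return is_affected(metadata.version("sagemaker"))
    except metadata.PackageNotFoundError:
        return None

# Constructed sample: requirement lines of the kinds found in real projects.
SAMPLE = """\
numpy==1.26.4
sagemaker==2.212.0        # pinned below the fix
sagemaker-core==1.0.0     # different package, ignored
sagemaker[local]>=2.200,<3
sagemaker>=2.214.3
"""

if __name__ == "__main__":
    for n, line in audit(SAMPLE):
        print(f"line {n}: {line}")
    print("installed build affected:", installed_affected())
```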
Vulnerability Details
7.8 (high)
EPSS: 0.4%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-34073
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 95%