Vulnerabilites related to scikit-learn - scikit-learn
Vulnerability from fkie_nvd
Published
2020-11-21 21:15
Modified
2024-11-21 05:23
Severity ?
Summary
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| scikit-learn | scikit-learn | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:scikit-learn:scikit-learn:*:*:*:*:*:*:*:*", matchCriteriaId: "4320862C-5961-4410-A723-8AC2475C9C51", versionEndExcluding: "1.0.1", versionStartIncluding: "0.23.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.", }, { lang: "es", value: "**EN DISPUTA** La función svm_predict_values en el archivo svm.cpp en Libsvm versión v324, como es usado en scikit-learn versiones 0.23.2 y otros productos, permite a atacantes causar una denegación de servicio (fallo de segmentación) por medio de un modelo SVM diseñado (introducido por medio de pickle, json o cualquier otro modelo estándar de permanencia) con un valor grande en la matriz _n_supportNOTA: la posición del proveedor de scikit-learn es que el comportamiento sólo puede ocurrir si la API de la biblioteca es violada por una aplicación que cambia un atributo privado", }, ], id: "CVE-2020-28975", lastModified: "2024-11-21T05:23:25.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-21T21:15:10.680", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/44", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/scikit-learn/scikit-learn/issues/18891", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202301-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/44", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/scikit-learn/scikit-learn/issues/18891", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202301-03", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 19:16
Modified
2024-11-21 09:47
Severity ?
Summary
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| scikit-learn | scikit-learn | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:scikit-learn:scikit-learn:*:*:*:*:*:python:*:*", matchCriteriaId: "C27C3BF2-FC82-4EC8-908F-61EB93677AC1", versionEndExcluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer.", }, { lang: "es", value: "Se identificó una vulnerabilidad de fuga de datos confidenciales en TfidfVectorizer de scikit-learn, específicamente en versiones hasta la 1.4.1.post1 incluida, que se solucionó en la versión 1.5.0. La vulnerabilidad surge del almacenamiento inesperado de todos los tokens presentes en los datos de entrenamiento dentro del atributo `stop_words_`, en lugar de almacenar solo el subconjunto de tokens necesarios para que funcione la técnica TF-IDF. Este comportamiento conduce a una posible fuga de información confidencial, ya que el atributo `stop_words_` podría contener tokens que debían descartarse y no almacenarse, como contraseñas o claves. El impacto de esta vulnerabilidad varía según la naturaleza de los datos que procesa el vectorizador.", }, ], id: "CVE-2024-5206", lastModified: "2024-11-21T09:47:11.143", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T19:16:06.363", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8", }, { source: "security@huntr.dev", tags: [ "Third Party Advisory", ], url: "https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-921", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-922", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-15 19:15
Modified
2024-11-21 05:00
Severity ?
Summary
scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| scikit-learn | scikit-learn | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:scikit-learn:scikit-learn:*:*:*:*:*:*:*:*", matchCriteriaId: "BFA8D419-E6D7-4DBF-9554-957975CD6101", versionEndIncluding: "0.23.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner", }, { lang: "es", value: "** EN DISPUTA ** scikit-learn (también se conoce como sklearn) versiones hasta 0.23.0, puede deserializar y ejecutar comandos desde un archivo no confiable que es pasado hacia la función joblib.load(), si __reduce__ realiza una llamada os.system. NOTA: terceros disputan este problema porque la función joblib.load () está documentada como insegura y es responsabilidad del usuario usar la función de manera segura.", }, ], id: "CVE-2020-13092", lastModified: "2024-11-21T05:00:39.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-15T19:15:12.277", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2024-5206
Vulnerability from cvelistv5
Published
2024-06-06 18:28
Modified
2024-08-01 21:03
Severity ?
EPSS score ?
Summary
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| scikit-learn | scikit-learn/scikit-learn |
Version: unspecified < 1.5.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:scikit-learn:scikit-learn:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "scikit-learn", vendor: "scikit-learn", versions: [ { lessThan: "1.5.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5206", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T15:11:02.549686Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T15:12:13.507Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:11.034Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c", }, { tags: [ "x_transferred", ], url: "https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "scikit-learn/scikit-learn", vendor: "scikit-learn", versions: [ { lessThan: "1.5.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-921", description: "CWE-921 Storage of Sensitive Data in a Mechanism without Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-17T18:56:36.616Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c", }, { url: "https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8", }, ], source: { advisory: "14bc0917-a85b-4106-a170-d09d5191517c", discovery: "EXTERNAL", }, title: "Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-5206", datePublished: "2024-06-06T18:28:14.267Z", dateReserved: "2024-05-22T15:52:49.284Z", dateUpdated: "2024-08-01T21:03:11.034Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28975
Vulnerability from cvelistv5
Published
2020-11-21 00:00
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2020-28975", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T20:03:17.341405Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T20:03:29.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T16:48:01.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/scikit-learn/scikit-learn/issues/18891", }, { tags: [ "x_transferred", ], url: "https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501", }, { name: "20201130 scikit-learn 0.23.2 Local Denial of Service", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Nov/44", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html", }, { tags: [ "x_transferred", ], url: "https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85", }, { name: "GLSA-202301-03", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202301-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/scikit-learn/scikit-learn/issues/18891", }, { url: "https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501", }, { name: "20201130 scikit-learn 0.23.2 Local Denial of Service", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2020/Nov/44", }, { url: "http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html", }, { url: "https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85", }, { name: "GLSA-202301-03", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202301-03", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-28975", datePublished: "2020-11-21T00:00:00", dateReserved: "2020-11-21T00:00:00", dateUpdated: "2024-08-04T16:48:01.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13092
Vulnerability from cvelistv5
Published
2020-05-15 18:41
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:11:18.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-18T11:16:54", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md", }, { tags: [ "x_refsource_MISC", ], url: "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13092", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md", refsource: "MISC", url: "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md", }, { name: "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations", refsource: "MISC", url: "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13092", datePublished: "2020-05-15T18:41:33", dateReserved: "2020-05-15T00:00:00", dateUpdated: "2024-08-04T12:11:18.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }