cnvd - cnvd-2024-41690

CNVD-2024-41690

Vulnerability from cnvd - Published: 2024-10-25

Title

flair代码注入漏洞

Description

flair是flair开源的一个非常简单的最先进的NLP框架。 flair 0.14.0版本存在代码注入漏洞，该漏洞源于文件flairmodelsclustering.py的函数ClusteringModel会导致代码注入。目前没有详细漏洞细节提供。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://vuldb.com/?id.280722

Reference

https://cxsecurity.com/cveshow/CVE-2024-10073/

Impacted products

Name
flair flair 0.14.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-10073"
    }
  },
  "description": "flair\u662fflair\u5f00\u6e90\u7684\u4e00\u4e2a\u975e\u5e38\u7b80\u5355\u7684\u6700\u5148\u8fdb\u7684NLP\u6846\u67b6\u3002\n\nflair 0.14.0\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6flairmodelsclustering.py\u7684\u51fd\u6570ClusteringModel\u4f1a\u5bfc\u81f4\u4ee3\u7801\u6ce8\u5165\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://vuldb.com/?id.280722",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-41690",
  "openTime": "2024-10-25",
  "products": {
    "product": "flair flair 0.14.0"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-10073/",
  "serverity": "\u4e2d",
  "submitTime": "2024-10-21",
  "title": "flair\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-10073 (GCVE-0-2024-10073)

Vulnerability from cvelistv5 – Published: 2024-10-17 16:31 – Updated: 2024-10-17 18:35

Title

flairNLP flair Mode File Loader clustering.py ClusteringModel code injection

Summary

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-94 - Code Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.280722	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.280722	signaturepermissions-required
	https://vuldb.com/?submit.420055	third-party-advisory
	https://github.com/bayuncao/vul-cve-20	related
	https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py	exploit

Impacted products

	Vendor	Product	Version
	flairNLP	flair	Affected: 0.14.0

Credits

runshen.gao (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10073",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T18:30:43.652688Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T18:35:10.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Mode File Loader"
          ],
          "product": "flair",
          "vendor": "flairNLP",
          "versions": [
            {
              "status": "affected",
              "version": "0.14.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "runshen.gao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\\models\\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in flairNLP flair 0.14.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion ClusteringModel der Datei flair\\models\\clustering.py der Komponente Mode File Loader. Mit der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.1,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-17T16:31:08.443Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-280722 | flairNLP flair Mode File Loader clustering.py ClusteringModel code injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.280722"
        },
        {
          "name": "VDB-280722 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.280722"
        },
        {
          "name": "Submit #420055 | flairNLP flair v0.14.0 Code Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.420055"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/bayuncao/vul-cve-20"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-17T09:45:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "flairNLP flair Mode File Loader clustering.py ClusteringModel code injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10073",
    "datePublished": "2024-10-17T16:31:08.443Z",
    "dateReserved": "2024-10-17T07:40:32.566Z",
    "dateUpdated": "2024-10-17T18:35:10.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-41690

CVE-2024-10073 (GCVE-0-2024-10073)

Tags

Sightings

Nomenclature