Untriaged
CVE-2024-37062
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded.
References
Affected products
ydata-profiling
- =<*
- =<3.7.0
Matching in nixpkgs
pkgs.python312Packages.ydata-profiling
Create HTML profiling reports from Pandas DataFrames
- nixos-unstable -
- nixpkgs-unstable 4.16.1
pkgs.python313Packages.ydata-profiling
Create HTML profiling reports from Pandas DataFrames
- nixos-unstable -
- nixpkgs-unstable 4.16.1
Package maintainers
- @bcdarwin Ben Darwin <bcdarwin@gmail.com>