Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-52524

Good to know:

icon
icon

Date: November 14, 2024

Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.

Language: Python

Severity Score

Related Resources (5)

https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3
https://nvd.nist.gov/vuln/detail/CVE-2024-52524
https://github.com/Giskard-AI/giskard
https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3
https://www.mend.io/vulnerability-database/CVE-2024-52524

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

icon

Upgrade Version

Upgrade to version giskard - 2.15.5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us