CVE-2024-34073
- Source
- https://cve.org/CVERecord?id=CVE-2024-34073
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34073.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-34073
- Aliases
- Published
- 2024-05-03T10:11:12.203Z
- Modified
- 2026-03-14T12:33:51.452052Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Command Injection in sagemaker-python-sdk
- Details
-
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in
sagemaker.serve.save_retrive.version_1_0_0.save.utilsmodule allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the “requirementspath” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the “requirementspath” parameter of capturedependencies function insagemaker.serve.save_retrive.version_1_0_0.save.utils, and instead use the default value. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-78" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34073.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34073.json
- https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5
- https://github.com/aws/sagemaker-python-sdk/pull/4556
- https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7pc3-pr3q-58vg
- https://nvd.nist.gov/vuln/detail/CVE-2024-34073
Affected packages
Git / github.com/aws/sagemaker-python-sdk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/aws/sagemaker-python-sdk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/aws/sagemaker-python-sdk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0
v1.10.1
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.13.0
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.15.2
v1.16.1
v1.16.1.post1
v1.16.2
v1.16.3
v1.17.0
v1.17.1
v1.17.2
v1.18.0
v1.18.1
v1.18.10
v1.18.11
v1.18.12
v1.18.13
v1.18.14
v1.18.14.post0
v1.18.14.post1
v1.18.15
v1.18.16
v1.18.17
v1.18.18
v1.18.19
v1.18.2
v1.18.3
v1.18.3.post1
v1.18.4
v1.18.5
v1.18.6
v1.18.6.post0
v1.18.7
v1.18.8
v1.18.9
v1.18.9.post0
v1.18.9.post1
v1.19.0
v1.19.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.20.0
v1.20.1
v1.20.2
v1.20.3
v1.21.0
v1.21.1
v1.21.2
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.25.1
v1.26.0
v1.27.0
v1.28.0
v1.28.1
v1.28.2
v1.28.3
v1.29.0
v1.3.0
v1.30.0
v1.31.0
v1.31.1
v1.32.0
v1.32.1
v1.32.2
v1.33.0
v1.34.0
v1.34.1
v1.34.2
v1.34.3
v1.35.0
v1.35.1
v1.36.0
v1.36.1
v1.36.2
v1.36.3
v1.36.4
v1.37.0
v1.37.1
v1.37.2
v1.38.0
v1.38.1
v1.38.2
v1.38.3
v1.38.4
v1.38.5
v1.38.6
v1.39.0
v1.39.1
v1.39.2
v1.39.3
v1.39.4
v1.4.0
v1.4.1
v1.4.2
v1.40.0
v1.40.1
v1.40.2
v1.41.0
v1.42.0
v1.42.1
v1.42.2
v1.42.3
v1.42.4
v1.42.5
v1.42.6
v1.42.6.post0
v1.42.7
v1.42.8
v1.42.9
v1.43.0
v1.43.1
v1.43.2
v1.43.3
v1.43.4
v1.43.4.post0
v1.43.4.post1
v1.43.5
v1.44.0
v1.44.1
v1.44.2
v1.44.3
v1.44.4
v1.45.0
v1.45.1
v1.45.2
v1.46.0
v1.47.1
v1.48.0
v1.48.1
v1.49.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.50.0
v1.50.1
v1.50.10
v1.50.10.post0
v1.50.11
v1.50.12
v1.50.13
v1.50.14
v1.50.14.post0
v1.50.15
v1.50.16
v1.50.17
v1.50.17.post0
v1.50.18
v1.50.18.post0
v1.50.2
v1.50.3
v1.50.4
v1.50.5
v1.50.6
v1.50.6.post0
v1.50.7
v1.50.8
v1.50.9
v1.50.9.post0
v1.51.0
v1.51.1
v1.51.2
v1.51.3
v1.51.4
v1.52.0
v1.52.0.post0
v1.52.1
v1.53.0
v1.54.0
v1.55.0
v1.55.0.post0
v1.55.1
v1.55.2
v1.55.3
v1.55.4
v1.56.0
v1.56.1
v1.56.1.post0
v1.56.1.post1
v1.56.2
v1.56.3
v1.57.0
v1.58.0
v1.58.1
v1.58.2
v1.58.2.post0
v1.58.3
v1.58.4
v1.59.0
v1.6.0
v1.6.1
v1.60.0
v1.60.0.post0
v1.60.1
v1.60.1.post0
v1.60.2
v1.61.0
v1.62.0
v1.63.0
v1.64.0
v1.64.1
v1.65.0
v1.65.1
v1.65.1.post0
v1.65.1.post1
v1.66.0
v1.67.0
v1.67.1
v1.67.1.post0
v1.68.0
v1.69.0
v1.7.0
v1.7.1
v1.7.2
v1.70.0
v1.70.1
v1.70.2
v1.71.0
v1.71.1
v1.72.0
v1.8.0
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.3.1
v2.*
v2.0.0
v2.0.0.rc0
v2.0.0.rc1
v2.0.1
v2.1.0
v2.10.0
v2.100.0
v2.101.0
v2.101.1
v2.102.0
v2.103.0
v2.104.0
v2.105.0
v2.106.0
v2.107.0
v2.108.0
v2.109.0
v2.11.0
v2.110.0
v2.111.0
v2.112.0
v2.112.1
v2.112.2
v2.113.0
v2.114.0
v2.115.0
v2.116.0
v2.117.0
v2.118.0
v2.12.0
v2.125.0
v2.126.0
v2.127.0
v2.128.0
v2.129.0
v2.13.0
v2.130.0
v2.131.0
v2.131.1
v2.132.0
v2.133.0
v2.134.0
v2.134.1
v2.135.0
v2.135.1
v2.135.1.post0
v2.136.0
v2.137.0
v2.138.0
v2.139.0
v2.14.0
v2.140.0
v2.140.1
v2.141.0
v2.142.0
v2.143.0
v2.144.0
v2.145.0
v2.146.0
v2.146.1
v2.147.0
v2.148.0
v2.149.0
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.150.0
v2.151.0
v2.152.0
v2.153.0
v2.154.0
v2.155.0
v2.156.0
v2.157.0
v2.158.0
v2.159.0
v2.16.0
v2.16.0.post0
v2.16.1
v2.16.2
v2.16.3
v2.16.3.post0
v2.16.4
v2.160.0
v2.161.0
v2.162.0
v2.163.0
v2.164.0
v2.165.0
v2.166.0
v2.167.0
v2.168.0
v2.169.0
v2.17.0
v2.170.0
v2.171.0
v2.172.0
v2.173.0
v2.174.0
v2.175.0
v2.176.0
v2.177.0
v2.177.1
v2.178.0
v2.179.0
v2.18.0
v2.180.0
v2.181.0
v2.182.0
v2.183.0
v2.184.0
v2.184.0.post0
v2.185.0
v2.186.0
v2.187.0
v2.188.0
v2.189.0
v2.19.0
v2.190.0
v2.191.0
v2.192.0
v2.192.1
v2.193.0
v2.194.0
v2.195.0
v2.195.1
v2.196.0
v2.197.0
v2.198.0
v2.199.0
v2.2.0
v2.20.0
v2.200.0
v2.200.1
v2.201.0
v2.202.0
v2.202.1
v2.203.0
v2.203.1
v2.204.0
v2.205.0
v2.206.0
v2.207.0
v2.207.1
v2.208.0
v2.209.0
v2.21.0
v2.210.0
v2.211.0
v2.212.0
v2.213.0
v2.214.0
v2.214.1
v2.214.2
v2.22.0
v2.23.0
v2.23.1
v2.23.2
v2.23.3
v2.23.4
v2.23.4.post0
v2.23.5
v2.23.6
v2.24.0
v2.24.1
v2.24.2
v2.24.3
v2.24.4
v2.24.5
v2.25.0
v2.25.1
v2.25.2
v2.26.0
v2.27.0
v2.27.1
v2.28.0
v2.29.0
v2.29.1
v2.29.2
v2.3.0
v2.30.0
v2.31.0
v2.31.1
v2.32.0
v2.32.1
v2.33.0
v2.34.0
v2.35.0
v2.36.0
v2.37.0
v2.38.0
v2.39.0
v2.39.0.post0
v2.39.1
v2.4.0
v2.4.1
v2.4.2
v2.40.0
v2.41.0
v2.42.0
v2.42.1
v2.43.0
v2.44.0
v2.45.0
v2.46.0
v2.46.1
v2.47.0
v2.47.1
v2.47.2
v2.47.2.post0
v2.48.0
v2.48.1
v2.48.2
v2.49.0
v2.49.1
v2.49.2
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.50.0
v2.50.1
v2.51.0
v2.52.0
v2.52.1
v2.52.2
v2.52.2.post0
v2.53.0
v2.54.0
v2.55.0
v2.56.0
v2.57.0
v2.58.0
v2.59.0
v2.59.1
v2.59.1.post0
v2.59.2
v2.59.3
v2.59.3.post0
v2.59.4
v2.59.5
v2.59.6
v2.59.7
v2.59.8
v2.6.0
v2.60.0
v2.61.0
v2.62.0
v2.63.0
v2.63.1
v2.63.2
v2.64.0
v2.65.0
v2.66.0
v2.66.1
v2.66.2
v2.66.2.post0
v2.67.0
v2.68.0
v2.69.0
v2.7.0
v2.70.0
v2.71.0
v2.72.0
v2.72.1
v2.72.2
v2.72.3
v2.73.0
v2.74.0
v2.75.0
v2.76.0
v2.77.0
v2.77.1
v2.78.0
v2.79.0
v2.8.0
v2.80.0
v2.81.0
v2.81.1
v2.82.0
v2.82.1
v2.82.2
v2.83.0
v2.84.0
v2.85.0
v2.86.0
v2.86.1
v2.86.2
v2.87.0
v2.88.0
v2.88.1
v2.88.2
v2.88.3
v2.89.0
v2.9.0
v2.9.1
v2.9.2
v2.90.0
v2.91.0
v2.91.1
v2.92.0
v2.92.1
v2.92.2
v2.93.0
v2.93.1
v2.94.0
v2.95.0
v2.96.0
v2.97.0
v2.98.0
v2.99.0