CVE-2024-52524

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-52524
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52524.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52524
Aliases
Published
2024-11-14T18:15:26Z
Modified
2024-11-18T22:46:38.970738Z
Summary
[none]
Details

Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.

References

Affected packages

Git / github.com/giskard-ai/giskard

Affected ranges

Type
GIT
Repo
https://github.com/giskard-ai/giskard
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

hub

python-client-1.*

python-client-1.8.0

python-client-v1.*

python-client-v1.9.1

v0.*

v0.1.1
v0.2.0

v1.*

v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.5.0
v1.8.0

v2.*

v2.0.0
v2.0.0b10
v2.0.0b11
v2.0.0b12
v2.0.0b14
v2.0.0b15
v2.0.0b16
v2.0.0b17
v2.0.0b18
v2.0.0b19
v2.0.0b20
v2.0.0b23
v2.0.0b24
v2.0.0b25
v2.0.0b26
v2.0.0b27
v2.0.0b28
v2.0.0b29
v2.0.0b30
v2.0.0b31
v2.0.0b32
v2.0.0b33
v2.0.0b34
v2.0.0b4
v2.0.0b9
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.8.0
v2.9.0
v2.9.1