CVE-2024-27321

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-95
View all →

Vulnerability Description

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it.

Related Vulnerabilities

CVE-2023-6735

HIGH
CVSS:7.8(High)

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

CWE-952023

CVE-2023-7101

HIGH
CVSS:7.8(High)

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated ...

CWE-952023

CVE-2023-7224

HIGH
CVSS:7.8(High)

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

CWE-952023

CVE-2023-7245

HIGH
CVSS:7.8(High)

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via...

CWE-952023

CVE-2024-27320

HIGH
CVSS:7.8(High)

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user cre...

CWE-952024

CVE-2024-45858

HIGH
CVSS:7.8(High)

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciousl...

CWE-952024