How severe is CVE-2024-34075?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2024-34075?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2024-34075 - MEDIUM Severity | CVSS 6.2

Vulnerability Description

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a string contains a forbidden substring (i.e. `__proto__`) followed by a space character, the code will access a special property in `MarkovData#finalData` by removing the last character of the string, bypassing the dataset sanitization (as it is supposed to be already sanitized before this function is called). Any dataset can be contaminated with the substring making it unable to properly generate anything in some cases. This issue has been addressed in version 3.2.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2023-52357

MEDIUM

CVSS:6.2(Medium)

Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.

CWE-5022023

CVE-2025-2251

MEDIUM

CVSS:6.2(Medium)

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deseri...

CWE-5022025

CVE-2025-31935

MEDIUM

CVSS:6.2(Medium)

Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-serv...

CWE-5022025

CVE-2020-4271

MEDIUM

CVSS:6.3(Medium)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897.

CWE-5022020

CVE-2020-4280

MEDIUM

CVSS:6.3(Medium)

IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function....

CWE-5022020

CVE-2020-4888

MEDIUM

CVSS:6.3(Medium)

IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content...

CWE-5022020