CVE-2024-5998

MEDIUM Year: 2024
CVSS v3 Score
5.2
Medium
Weakness Type
CWE-502
View all →

Vulnerability Description

A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product.

Related Vulnerabilities

CVE-2016-8653

MEDIUM
CVSS:5.3(Medium)

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.

CWE-5022016

CVE-2016-9585

MEDIUM
CVSS:5.3(Medium)

Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability result...

CWE-5022016

CVE-2018-1999042

MEDIUM
CVSS:5.3(Medium)

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

CWE-5022018

CVE-2023-27531

MEDIUM
CVSS:5.3(Medium)

There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code

CWE-5022023

CVE-2023-33008

MEDIUM
CVSS:5.3(Medium)

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) tha...

CWE-5022023

CVE-2024-29032

MEDIUM
CVSS:5.3(Medium)

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21...

CWE-5022024