CVE-2024-52524
Nov. 21, 2024, 3:15 p.m.
None
No Score
Description
Giskard is an evaluation and testing framework for AI systems. A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in a Giskard component by the GitHub Security Lab team. When Giskard detectors process datasets containing specific text patterns, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.
Product(s) Impacted
Product | Versions |
---|---|
Giskard | |
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-1333
Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Timeline
Published: Nov. 14, 2024, 6:15 p.m.
Last Modified: Nov. 21, 2024, 3:15 p.m.
Status: Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
Source
security-advisories@github.com
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.