PyPi: Cleanlab

CVE-2024-45857

Safety vulnerability ID: 73323

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 12, 2024 Updated at Sep 26, 2024

Advisory

Affected versions of the Cleanlab project contain a security vulnerability in the deserialization process. When a data directory is loaded, a maliciously crafted datalab.pkl file can execute arbitrary code on the user's system. The vulnerability stems from the use of the pickle module for deserialization without proper safeguards. Attackers can exploit this flaw to compromise systems, potentially leading to data theft, system manipulation, or further malware deployment. Users should exercise extreme caution when loading data from untrusted sources, and consider updating to a patched version if available.
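One way to triage a datalab.pkl from an untrusted source before anything loads it, shown as an added example that is not part of the advisory or of cleanlab's code: it walks the pickle opcodes with `pickletools` and lists every global the file would import, without deserializing it. The function names and `ALLOWED_PREFIXES` are assumptions for illustration; a real allow-list would have to cover the classes a legitimate Datalab pickle references.

```python
import collections
import pickle
import pickletools

# Assumption: module prefixes a reviewer accepts; not taken from cleanlab.
ALLOWED_PREFIXES = ("collections.",)
PUTS = {"PUT", "BINPUT", "LONG_BINPUT"}
GETS = {"GET", "BINGET", "LONG_BINGET"}


def referenced_globals(data):
    """List every 'module.name' the pickle would import, without loading it."""
    found, recent, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):  # arg is "module name"
            found.append(arg.replace(" ", ".", 1))
            recent = []
        elif op.name == "STACK_GLOBAL":  # module and name come from the stack
            pair = recent[-2:]
            ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.append(".".join(pair) if ok else "<unresolved>")
            recent = []
        elif op.name == "MEMOIZE":
            memo[len(memo)] = recent[-1] if recent else None
        elif op.name in PUTS:
            memo[arg] = recent[-1] if recent else None
        elif op.name in GETS:
            recent.append(memo.get(arg))
        elif isinstance(arg, str):
            recent.append(arg)
        elif op.name not in ("FRAME", "PROTO"):
            recent = []  # untracked stack activity: fail closed as unresolved
    return found


def disallowed(data):
    """Return the referenced globals that fall outside ALLOWED_PREFIXES."""
    return [g for g in referenced_globals(data)
            if not g.startswith(ALLOWED_PREFIXES)]


if __name__ == "__main__":
    # Constructed, benign samples standing in for a datalab.pkl file.
    samples = {"plain data": pickle.dumps({"labels": [0, 1, 1]}),
               "allowed class": pickle.dumps(collections.OrderedDict(a=1)),
               "callable ref": pickle.dumps(print)}
    for name, blob in samples.items():
        print(name, referenced_globals(blob), "blocked:", disallowed(blob))
```

A non-empty result from `disallowed` is a reason not to load the file; an empty result only means no unexpected import was found, not that the file is safe to trust.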

Affected package

cleanlab

Latest version: 2.7.0

The standard package for data-centric AI, machine learning with label errors, and automatically finding and fixing dataset issues in Python.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources
