7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-34072

GHSA ID

GHSA-wjvx-jhpj-r54r

EPSS Score

0.62152%

CWE

CWE-502

Published

5/3/2024

Updated

5/3/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-34072

CVE-2024-34072: sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data

Impact

sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity.

Impacted versions: <2.218.0.

Credit

We would like to thank HiddenLayer for collaborating on this issue through the coordinated vulnerability disclosure process.

Workarounds

Do not pass pickled numpy object arrays which originated from an untrusted source, or that could have been tampered with. Only pass pickled numpy object arrays from sources you trust.

References

If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page [1] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue. [1] Vulnerability reporting page: https://aws.amazon.com/security/vulnerability-reporting

Fixed by: https://github.com/aws/sagemaker-python-sdk/pull/4557

(GitHub Advisory)

7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-34072

GHSA ID

GHSA-wjvx-jhpj-r54r

EPSS Score

0.62152%

CWE

CWE-502

Published

5/3/2024

Updated

5/3/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sagemaker	pip	< 2.218.0	2.218.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the NumpyDeserializer's deserialize method using numpy.load() with allow_pickle=True by default in versions <2.218.0. The commit diff shows the deserialization logic directly used the class's allow_pickle parameter (which was True by default pre-patch) when loading NPY/NPZ formats. This combination allows dangerous pickle deserialization. The vulnerability was fixed by setting allow_pickle=False by default and adding explicit error handling to prevent silent use of pickle loading without explicit opt-in.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t s***m*k*r.**s*_**s*ri*liz*rs.Numpy**s*ri*liz*r mo*ul* ***or* v*.***.* *llows pot*nti*lly uns*** **s*ri*liz*tion w**n untrust** **t* is p*ss** *s pi*kl** o*j**t *rr*ys. T*is *ons*qu*ntly m*y *llow *n unprivil**** t*ir* p*rty to **us* r*mot

Reasoning

T** vuln*r**ility st*ms *rom t** Numpy**s*ri*liz*r's **s*ri*liz* m*t*o* usin* numpy.lo**() wit* *llow_pi*kl*=Tru* *y ****ult in v*rsions <*.***.*. T** *ommit *i** s*ows t** **s*ri*liz*tion lo*i* *ir**tly us** t** *l*ss's *llow_pi*kl* p*r*m*t*r (w*i**

7.8

Basic Information

Concerned about an active attack path?

CVE-2024-34072: sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data

Impact

Credit

Workarounds

References

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI