| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ydata-profiling | pip | >= 3.7.0, <= 4.8.3 | |
The vulnerability CVE-2024-37062 involves unsafe deserialization via the load/loads functions of the SerializeReport class. The HiddenLayer advisory confirms that loads calls pickle.loads directly on untrusted input, and that load delegates to loads, so both functions are entry points for exploitation. The provided code snippets and exploit example demonstrate these functions' roles in the insecure deserialization chain.
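The root cause described above is a loader that hands attacker-controlled bytes straight to pickle.loads. The following is an added example, not code from ydata-profiling or from the HiddenLayer advisory, showing the two defensive layers a practitioner would put in front of such a loader: a pickletools scan that rejects payloads containing opcodes able to import globals or construct arbitrary objects, and a restricted Unpickler whose find_class only admits an explicit allowlist. All names here (DANGEROUS_OPCODES, suspicious_opcodes, RestrictedUnpickler, load_report_bytes, is_safe_report) and the sample payloads are this example's own assumptions; the "suspicious" payload is only a pickled class reference, which exercises the global-lookup opcode without running anything.

```python
"""Defensive loading of pickle-based report files (added example, not project code)."""
import collections
import importlib
import io
import pickle
import pickletools

# Opcodes that can import a module/attribute or build arbitrary objects.
# A plain data report (dicts, lists, str, int, float, bool, None) never needs them.
DANGEROUS_OPCODES = {
    "GLOBAL", "STACK_GLOBAL",          # module/attribute lookup
    "REDUCE", "INST", "OBJ",           # call a callable / construct an instance
    "NEWOBJ", "NEWOBJ_EX", "BUILD",    # object construction / __setstate__
    "EXT1", "EXT2", "EXT4",            # extension registry lookups
}


def suspicious_opcodes(data: bytes) -> list:
    """Return the names of dangerous opcodes present in the pickle stream.

    This inspects the stream without executing it, so it is safe to run on
    untrusted bytes. A truncated or malformed stream is reported as ["MALFORMED"].
    """
    try:
        return [op.name for op, _arg, _pos in pickletools.genops(data)
                if op.name in DANGEROUS_OPCODES]
    except ValueError:
        return ["MALFORMED"]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup outside a small allowlist."""

    # Assumed allowlist for this example; a real loader would enumerate exactly
    # the (module, name) pairs its report format legitimately needs.
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return getattr(importlib.import_module(module), name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def is_safe_report(data: bytes) -> bool:
    """True when the payload uses only plain data opcodes."""
    return not suspicious_opcodes(data)


def load_report_bytes(data: bytes):
    """Load a report only if the static scan passes, then via the restricted unpickler.

    Raises ValueError for payloads that fail the scan.
    """
    found = suspicious_opcodes(data)
    if found:
        raise ValueError(f"rejected report payload, dangerous opcodes: {sorted(set(found))}")
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Constructed sample payloads (not from the advisory):
BENIGN_PAYLOAD = pickle.dumps({"title": "profile", "n_rows": 10, "columns": ["a", "b"]})
# Pickling a class *reference* emits a GLOBAL/STACK_GLOBAL opcode but executes nothing.
SUSPICIOUS_PAYLOAD = pickle.dumps(collections.OrderedDict)


if __name__ == "__main__":
    print("benign  :", suspicious_opcodes(BENIGN_PAYLOAD), load_report_bytes(BENIGN_PAYLOAD))
    print("suspect :", suspicious_opcodes(SUSPICIOUS_PAYLOAD))
    try:
        load_report_bytes(SUSPICIOUS_PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The opcode scan is the cheap first gate and catches the class of payload that makes pickle.loads on untrusted input dangerous; the restricted Unpickler is defence in depth for the case where the scan is bypassed or misconfigured. For a report format that only ever needs plain data, replacing pickle with JSON removes the problem entirely, which is the stronger fix.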