CVE-2024-0959 MEDIUM

CVE-2024-0959: StanfordVL GibsonEnv pposgd_fuse.py cloudpickle.load deserialization

Vendor Stanfordvl
Product GibsonEnv
Weakness CWE-502 · Unsafe deserialization
Published January 27, 2024
Last update November 13, 2024

CVSS base score

5.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load in the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high, and exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.

Key dates

02 Disclosure timeline

January 27, 2024 CVE published
November 13, 2024 Record updated

Related vulnerabilities

04 Related CVE