Platform
python
Component
vertaai-modeldb
CVE-2024-1961 is a path traversal vulnerability in vertaai/modeldb that leads to Remote Code Execution (RCE). It stems from inadequate sanitization of user-supplied file paths in the file upload functionality, which lets an attacker write arbitrary files on the server. All versions up to the latest release at the time of disclosure are affected; check the project for a patched release and upgrade as soon as one is available.
The primary impact of CVE-2024-1961 is Remote Code Execution. An attacker can use the file upload to write files to arbitrary locations on the server's filesystem by manipulating the 'artifact_path' parameter, which is not confined to the artifact storage directory. The most critical scenario is overwriting the application's configuration file so that attacker-controlled content is loaded on the next application start, giving the attacker persistent access to and control of the system. The flaw is a write primitive, not a read: it does not disclose files by itself, although code execution obtained through it could then be used to read and exfiltrate any data the service account can access. The risk is amplified when vertaai/modeldb is deployed outside a Docker container, because an arbitrary write then reaches the host filesystem directly instead of being contained within the container.
CVE-2024-1961 is not listed in the CISA KEV catalog and no active exploitation has been confirmed. The recorded EPSS score is 4.97% (90th percentile). Public proof-of-concept (PoC) code is not widely available, but a path traversal in a file upload is straightforward to exploit, so exploitation attempts should be anticipated. The vulnerability was publicly disclosed on April 16, 2024.
Organizations running vertaai/modeldb outside of Docker containers are at the highest risk, as are deployments where the service account can write to the application's own installation or configuration directory. Development and testing systems running vertaai/modeldb should also be prioritized for patching, since they are often run with looser file permissions.
• python / server: find / -name 'NFSController.java' -o -name 'NFSService.java' 2>/dev/null
• python / server: ps aux | grep -i modeldb
• generic web: Inspect file upload endpoints for the presence of the 'artifact_path' parameter. Monitor access logs for requests whose 'artifact_path' value is absolute or contains '..' segments, including URL-encoded forms.
Disclosure: April 16, 2024
Exploit status: not in CISA KEV; no public PoC widely available
EPSS: 4.97% (90th percentile)
CVSS vector
The immediate mitigation for CVE-2024-1961 is to upgrade to a patched version of vertaai/modeldb as soon as one is available. Until then, enforce server-side validation of uploaded artifact paths: reject absolute paths and '..' segments, and confirm that the normalized destination still lies inside the artifact storage directory. Run the service under an account that has no write permission to the application's deployment and configuration directories, so that an arbitrary write cannot reach the configuration file. A Web Application Firewall (WAF) rule that blocks traversal sequences in the 'artifact_path' parameter adds a layer of defence but is not a substitute for the server-side check. Monitor application logs for suspicious upload activity and watch for unexpected modifications of configuration files.
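The following is an added example, not code from vertaai/modeldb, that puts the detection check and the mitigation above into working form: the unchecked path join that produces this class of bug next to a hardened resolver, and a scan over constructed access-log lines for 'artifact_path' values that are absolute or contain '..' segments. The storage root, the request route and the log lines are all assumptions made for illustration.

```python
"""Added example (not vertaai/modeldb code): vulnerable vs. hardened artifact_path
resolution, plus an access-log check for traversal attempts. posixpath is used
throughout so the results do not depend on the host operating system."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical storage root; the real deployment directory is an assumption.
ARTIFACT_ROOT = "/srv/modeldb/artifacts"
ARTIFACT_PARAM = "artifact_path"


def vulnerable_store_path(root: str, artifact_path: str) -> str:
    """The pattern behind the flaw: the user-supplied path is joined unchecked.

    join() discards `root` entirely when artifact_path is absolute, and
    '..' segments walk back out of the root during normalisation.
    """
    return posixpath.normpath(posixpath.join(root, artifact_path))


def safe_store_path(root: str, artifact_path: str) -> str:
    """Hardened resolver: reject empty, NUL-bearing, absolute and traversing
    paths, then double-check that the normalised result is still under root.

    This is a lexical check. Before writing on a real host, also confirm that
    the destination's parent directory (after realpath) is inside root, so a
    symlink planted inside the artifact tree cannot redirect the write.
    """
    if not artifact_path or "\x00" in artifact_path:
        raise ValueError("empty or NUL-containing artifact_path")
    # Treat backslashes as separators too; a Windows host would.
    normalised = artifact_path.replace("\\", "/")
    if posixpath.isabs(normalised):
        raise ValueError("absolute artifact_path rejected")
    parts = [p for p in normalised.split("/") if p not in ("", ".")]
    if not parts:
        raise ValueError("artifact_path names no file")
    if ".." in parts:
        raise ValueError("path traversal rejected")
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, *parts))
    # Belt and braces: the final path must still have the root as its prefix.
    if posixpath.commonpath([root_norm, candidate]) != root_norm:
        raise ValueError("artifact_path escapes the artifact root")
    return candidate


def is_accepted(root: str, artifact_path: str) -> bool:
    """True if safe_store_path() accepts the path (handy for tests)."""
    try:
        safe_store_path(root, artifact_path)
        return True
    except ValueError:
        return False


# Constructed access-log lines in combined log format. The route is made up
# for illustration and is not modeldb's real upload endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Apr/2024:10:01:02 +0000] "PUT /v1/artifact/store?artifact_path=models%2Frun1%2Fmodel.pkl HTTP/1.1" 200 17',
    '10.0.0.9 - - [16/Apr/2024:10:01:07 +0000] "PUT /v1/artifact/store?artifact_path=..%2F..%2F..%2Fopt%2Fmodeldb%2Fconfig%2Fconfig.yaml HTTP/1.1" 200 17',
    '10.0.0.9 - - [16/Apr/2024:10:01:09 +0000] "PUT /v1/artifact/store?artifact_path=%2Fetc%2Fcron.d%2Fjob HTTP/1.1" 200 17',
    '10.0.0.9 - - [16/Apr/2024:10:01:11 +0000] "PUT /v1/artifact/store?artifact_path=%252e%252e%2Fconfig.yaml HTTP/1.1" 200 17',
    '10.0.0.7 - - [16/Apr/2024:10:02:00 +0000] "GET /v1/project/list HTTP/1.1" 200 512',
]

REQUEST_LINE = re.compile(r'"(?:GET|POST|PUT|PATCH) (\S+) HTTP/')
TRAVERSAL_SEGMENT = re.compile(r"(?:^|/)\.\.(?:/|$)")


def suspicious_artifact_paths(log_lines):
    """Return (line_no, decoded_path) for requests whose artifact_path is
    absolute or contains a '..' segment.

    parse_qs() removes one layer of URL encoding; the extra unquote() catches
    double-encoded payloads such as %252e%252e. Only query-string parameters
    appear in access logs, so body-carried uploads need application logs.
    """
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get(ARTIFACT_PARAM, []):
            decoded = unquote(value).replace("\\", "/")
            if decoded.startswith("/") or TRAVERSAL_SEGMENT.search(decoded):
                hits.append((line_no, decoded))
    return hits


if __name__ == "__main__":
    for line_no, path in suspicious_artifact_paths(SAMPLE_LOG):
        print(f"line {line_no}: suspicious artifact_path {path!r}")
```

Against the constructed log, the scan flags lines 2, 3 and 4 (plain traversal, absolute path, double-encoded traversal) and ignores the benign upload and the unrelated request. The resolver deliberately rejects '..' outright rather than normalising it away, because a value such as 'models/../../config.yaml' has no legitimate use in an artifact name and is better logged than silently repaired.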
Upgrade vertaai/modeldb to a patched version once one is released. Make sure the application runs inside a Docker container with appropriate security settings to limit the impact of an arbitrary file write. Review and harden the application's configuration and file permissions so that critical files cannot be overwritten by the service account.
CVE-2024-1961 is a path traversal vulnerability in the file upload functionality of vertaai/modeldb, caused by improper sanitization of the 'artifact_path' parameter, that lets attackers write arbitrary files and, by overwriting the application's configuration, achieve Remote Code Execution.
If you run any version of vertaai/modeldb up to the latest release, you are potentially affected. Check your version and upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of vertaai/modeldb as soon as one is available. Until then, validate uploaded artifact paths server-side and run the service without write access to its own deployment and configuration directories.
No active exploitation has been confirmed, but the flaw is straightforward to exploit, so monitoring for suspicious 'artifact_path' values in upload requests is advised.
Refer to the vertaai/modeldb project's repository or official communication channels for the latest advisory and patch information.