CVE-2024-52524

Vulnerability Description

Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.

Related Weaknesses (CWE)

References

• https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb61
• https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3

FAQ

What is CVE-2024-52524?

CVE-2024-52524 is a documented vulnerability. Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datase...

How severe is CVE-2024-52524?

CVSS scoring is not yet available for CVE-2024-52524. Check NVD for updates.

Is there a patch for CVE-2024-52524?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.