CVE-2024-37064

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 4, 2024

CWE ID 502

Summary

CVE-2024-37064 is a deserialization vulnerability affecting versions 3.7.0 and above of Ydata's ydata-profiling open-source library. This issue allows a maliciously crafted dataset to execute arbitrary code on an end user's system upon being loaded. An attacker could exploit this vulnerability by supplying a specially crafted dataset to an unsuspecting user, potentially leading to significant security risks. Users are strongly encouraged to update their library to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wNY1zg
https://www.cve.org/CVERecord?id=CVE-2024-37064
https://nvd.nist.gov/vuln/detail/CVE-2024-37064

Back to Vulnerability Database

CVE-2024-37064

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations