CVE-2024-10372

Name of the Vulnerable Software and Affected Versions chidiwilliams buzz version 1.1.0

Description A problematic vulnerability was found in the download model function of the buzz/model loader.py file. This issue leads to an insecure temporary file and can be exploited locally, with a high complexity of attack and difficult exploitation. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For version 1.1.0, as a temporary workaround, consider disabling the download model function until a patch is available. Restrict access to the buzz/model loader.py file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.