PT-2024-18273 · Van Der Schaar · Van Der Schaar Lab Autoprognosis
Bayuncao · Published 2024-02-22 · Updated 2024-12-31
CVE-2024-1748
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
van der Schaar LAB AutoPrognosis version 0.1.21
Description
A critical vulnerability was found in the function load model from file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Recommendations
For van der Schaar LAB AutoPrognosis version 0.1.21, as a temporary workaround, consider disabling the load model from file function until a patch is available. Restrict access to the Release Note Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Van Der Schaar Lab Autoprognosis