PT-2024-21821 · Unknown · Refuel Autolabel Library

Author: Kasimir Schulz (+1)
Published: 2024-09-12 · Updated: 2024-09-20
CVE: CVE-2024-27321
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Refuel Autolabel library versions 0.0.8 and newer

Description: An arbitrary code execution issue exists in the way multilabel classification tasks handle user-provided CSV files. If a user creates a multilabel classification task from a maliciously crafted CSV file whose cells contain Python code, that code is passed to an eval function, which executes it.

Recommendations: For Refuel Autolabel library versions 0.0.8 and newer, consider disabling the multilabel classification task feature until a patch is available, to prevent execution of malicious code. Restrict access to the eval function to minimize the risk of exploitation. Do not load CSV files from untrusted sources into the affected library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
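The pattern the advisory describes, as an added illustration that is not Autolabel's own code: a hypothetical label-column parser that hands the CSV cell to eval() next to a hardened version that accepts only a literal list of strings. The CSV contents and the column names `text` and `labels` are constructed for this example; the third row's label cell is a Python expression rather than a plain list literal, which is enough to show that the unsafe parser evaluates it while the safe one rejects it.

```python
import ast
import csv
import io

# Constructed sample CSV (not from the advisory). The last row's label cell
# is an expression, not a list literal.
SAMPLE_CSV = """text,labels
"great product","['positive', 'quality']"
"late delivery","['negative', 'shipping']"
"crafted row","['x'] * 3"
"""


def parse_labels_unsafe(cell: str) -> list:
    # Hypothetical reconstruction of the vulnerable pattern: the label cell
    # goes straight to eval(), so any Python expression in the CSV runs with
    # the privileges of the process loading the dataset.
    return eval(cell)


def parse_labels_safe(cell: str) -> list:
    # Hardened version: ast.literal_eval only builds Python literals (no
    # calls, no attribute access, no operators on non-numeric values), and the
    # result is additionally required to be a flat list of strings.
    try:
        value = ast.literal_eval(cell)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"label cell is not a literal list: {cell!r}") from exc
    if not isinstance(value, list) or not all(isinstance(x, str) for x in value):
        raise ValueError(f"label cell must be a list of strings: {cell!r}")
    return value


def is_safe_cell(cell: str) -> bool:
    # True when the hardened parser accepts the cell, False when it rejects it.
    try:
        parse_labels_safe(cell)
        return True
    except ValueError:
        return False


def load_labels(csv_text: str, parser) -> list:
    # Parse the 'labels' column of every row with the given cell parser.
    rows = csv.DictReader(io.StringIO(csv_text))
    return [parser(row["labels"]) for row in rows]


if __name__ == "__main__":
    print(load_labels(SAMPLE_CSV, parse_labels_unsafe))  # expression was executed
    print([is_safe_cell(r["labels"]) for r in csv.DictReader(io.StringIO(SAMPLE_CSV))])
```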

Tags: RCE, Eval Injection


Weakness Enumeration

Related Identifiers: CVE-2024-27321, GHSA-4FGP-7VVM-M4JF

Affected Products: Refuel Autolabel Library