CVE-2024-39766

Name of the Vulnerable Software and Affected Versions: Intel(R) Neural Compressor versions prior to v3.0

Description: The issue is related to the improper neutralization of special elements used in SQL commands in Intel(R) Neural Compressor software. This may allow an authenticated user to potentially enable escalation of privilege via local access. The vulnerability can also be exploited by a remote attacker to elevate their privileges.

Recommendations: For versions prior to v3.0, update to version v3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL command functionality to minimize the risk of exploitation. Avoid using special elements in SQL commands until the issue is resolved.