PT-2025-12116 · Open Mmlab · Open-Mmlab/Mmdetection

Published 2025-03-20 · Updated 2025-03-21 · CVE-2024-12044

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

open-mmlab/mmdetection version v3.3.0

Description

A remote code execution issue exists due to the use of the pickle.loads() function in the all_reduce_dict() distributed training API without proper sanitization, allowing an attacker to execute arbitrary code by broadcasting a malicious payload to the distributed training network.

Recommendations

For open-mmlab/mmdetection version v3.3.0, consider disabling the use of the pickle.loads() function in the all_reduce_dict() API until a patch is available, or restrict access to the distributed training network to minimize the risk of exploitation.
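
One way to act on the first recommendation, as an added example that is not part of this advisory or of mmdetection's own code: a decoder that stands in for a bare pickle.loads() on bytes received from peer ranks and refuses any pickle that references a global. The names NoGlobalsUnpickler and decode_keys, the assumption that the exchanged payload is a list of string keys, and the max_keys bound are illustrative.

```python
import collections
import io
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Only plain containers and scalars (list, dict, str, int, ...) can be
    decoded; any stream that names a class or function is rejected
    before anything is imported or called.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def decode_keys(buf: bytes, max_keys: int = 10_000) -> list:
    """Decode bytes from a peer rank, assumed to be a pickled list of str keys."""
    obj = NoGlobalsUnpickler(io.BytesIO(buf)).load()
    if not isinstance(obj, list) or len(obj) > max_keys:
        raise ValueError("expected a bounded list of keys")
    if not all(isinstance(k, str) for k in obj):
        raise ValueError("keys must be strings")
    return obj


def is_accepted(buf: bytes) -> bool:
    """True if the payload passes both the global check and the shape check."""
    try:
        decode_keys(buf)
        return True
    except (pickle.UnpicklingError, ValueError):
        return False


# Constructed sample payloads (not captured from a real training run).
GOOD = pickle.dumps(["loss_cls", "loss_bbox"])
# Pickling a class stores a reference to a global, which find_class refuses.
REFERENCES_GLOBAL = pickle.dumps(collections.OrderedDict)
WRONG_SHAPE = pickle.dumps({"loss_cls": 1})

if __name__ == "__main__":
    for label, payload in [("good", GOOD), ("global", REFERENCES_GLOBAL),
                           ("shape", WRONG_SHAPE)]:
        print(label, is_accepted(payload))
```

This narrows what a received buffer can do when decoded; restricting access to the distributed training network, as recommended above, still applies.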

Fix

RCE

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

CVE-2024-12044

Affected Products

Open-Mmlab/Mmdetection