
    2 vulnerabilities found for giskard by giskard-ai

    CVE-2024-52524 (GCVE-0-2024-52524)

    Vulnerability from nvd – Published: 2024-11-14 17:21 – Updated: 2024-11-21 14:56
    VLAI
    Title
    ReDoS in Giskard Scan text perturbation
    Summary
    Giskard is an evaluation and testing framework for AI systems. A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in a Giskard component by the GitHub Security Lab team. When Giskard detectors process datasets containing specific text patterns, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    Giskard-AI giskard Affected: < 2.15.5
    giskard-ai giskard Affected: 0 , < 2.15.5 (custom)
        cpe:2.3:a:giskard-ai:giskard:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:giskard-ai:giskard:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "giskard",
                "vendor": "giskard-ai",
                "versions": [
                  {
                    "lessThan": "2.15.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T20:21:38.517597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T14:56:20.478Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "giskard",
              "vendor": "Giskard-AI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.15.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T17:21:50.600Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3"
            },
            {
              "name": "https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3"
            }
          ],
          "source": {
            "advisory": "GHSA-pjwm-cr36-mwv3",
            "discovery": "UNKNOWN"
          },
          "title": "ReDoS in Giskard Scan text perturbation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52524",
        "datePublished": "2024-11-14T17:21:50.600Z",
        "dateReserved": "2024-11-11T18:49:23.560Z",
        "dateUpdated": "2024-11-21T14:56:20.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52524 (GCVE-0-2024-52524)

    Vulnerability from cvelistv5 – Published: 2024-11-14 17:21 – Updated: 2024-11-21 14:56
    VLAI
    Title
    ReDoS in Giskard Scan text perturbation
    Summary
    Giskard is an evaluation and testing framework for AI systems. A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in a Giskard component by the GitHub Security Lab team. When Giskard detectors process datasets containing specific text patterns, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    Giskard-AI giskard Affected: < 2.15.5
    giskard-ai giskard Affected: 0 , < 2.15.5 (custom)
        cpe:2.3:a:giskard-ai:giskard:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:giskard-ai:giskard:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "giskard",
                "vendor": "giskard-ai",
                "versions": [
                  {
                    "lessThan": "2.15.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T20:21:38.517597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T14:56:20.478Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "giskard",
              "vendor": "Giskard-AI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.15.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T17:21:50.600Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3"
            },
            {
              "name": "https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3"
            }
          ],
          "source": {
            "advisory": "GHSA-pjwm-cr36-mwv3",
            "discovery": "UNKNOWN"
          },
          "title": "ReDoS in Giskard Scan text perturbation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52524",
        "datePublished": "2024-11-14T17:21:50.600Z",
        "dateReserved": "2024-11-11T18:49:23.560Z",
        "dateUpdated": "2024-11-21T14:56:20.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }