CVE-2024-52524

ReDoS in Giskard Scan text perturbation

Description

Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.

INFO

Published Date :

2024-11-14T17:21:50.600Z

Last Modified :

2024-11-21T14:56:20.478Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-52524 vulnerability.

Vendors	Products
Giskard-ai	Giskard

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52524.

URL	Resource
https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3
https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability