CVE-2024-12044

NONE EPSS 64.9%
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. The vulnerability is due to the use of the `pickle.loads()` function in the `all_reduce_dict()` distributed training API without proper sanitization. This allows an attacker to execute arbitrary code by broadcasting a malicious payload to the distributed training network.
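A defensive sketch of the CWE-502 mitigation for this pattern, added here as an example; it is not code from mmdetection. It assumes the value exchanged between ranks is a plain list of string keys, which this page does not state, and `NoGlobalsUnpickler` and `load_key_list` are hypothetical names. The decoder refuses every class or function lookup during unpickling and then checks the shape of the result.

```python
import io
import pickle
from collections import OrderedDict


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any class or function.

    Plain containers and scalars (list, dict, str, int, float, ...) are
    built from opcodes alone; anything that needs an import is rejected.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_key_list(payload: bytes, max_keys: int = 1024) -> list:
    """Decode bytes received from a peer; accept only a bounded list of str.

    Assumption: the sender only needs to transmit dictionary keys.
    """
    try:
        obj = NoGlobalsUnpickler(io.BytesIO(payload)).load()
    except Exception as exc:  # malformed, truncated, or references a global
        raise ValueError(f"rejected payload: {exc}") from exc
    if not isinstance(obj, list) or len(obj) > max_keys:
        raise ValueError("rejected payload: expected a bounded list")
    if not all(isinstance(key, str) for key in obj):
        raise ValueError("rejected payload: keys must be str")
    return obj


# Constructed sample inputs (not captured traffic).
GOOD = pickle.dumps(["loss_cls", "loss_bbox"])
# A harmless object whose pickle references a global (collections.OrderedDict);
# the restricted unpickler stops before the lookup happens.
WITH_GLOBAL = pickle.dumps(OrderedDict(loss=1.0))

if __name__ == "__main__":
    print(load_key_list(GOOD))
    for sample in (WITH_GLOBAL, pickle.dumps([1, 2]), GOOD[:5]):
        try:
            load_key_list(sample)
        except ValueError as err:
            print(err)
```

Where only keys or other simple values cross the wire, a non-executable encoding such as JSON removes the unpickler from the path entirely.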

Threat Intelligence

EPSS Exploit Probability
64.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-502 Deserialization of Untrusted Data Validation

References 1

  • huntr.com https://huntr.com/bounties/f7e4fc32-e167-49fb-9fc7-f092b9c27e8a

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.