CVE-2024-9701

NONE EPSS 59.6%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class uses Python's shelve module to manage session data, which relies on pickle for serialization. Crafting a malicious payload and storing it in the shelve file can lead to RCE when the payload is deserialized.

Threat Intelligence

EPSS Exploit Probability
59.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-502 Deserialization of Untrusted Data Validation

References 2

  • github.com https://github.com/kedro-org/kedro/commit/d79fa51de55ac0ccb58cce1a482df1b445f0fe7c
  • huntr.com https://huntr.com/bounties/96c77fef-93b2-4d4d-8cbe-57a718d8eea5

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.