{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-1748","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-02-22T14:23:14.303Z","datePublished":"2024-02-22T19:31:04.494Z","dateUpdated":"2025-04-22T16:16:55.447Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-02-22T19:31:04.494Z"},"title":"van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-502","lang":"en","description":"CWE-502 Deserialization"}]}],"affected":[{"vendor":"van_der_Schaar LAB","product":"AutoPrognosis","versions":[{"version":"0.1.21","status":"affected"}],"modules":["Release Note Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-254530 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In van_der_Schaar LAB AutoPrognosis 0.1.21 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion load_model_from_file der Komponente Release Note Handler. Dank Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.1,"vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-02-22T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-02-22T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-02-22T15:28:42.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"bayuncao (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.254530","name":"VDB-254530 | van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.254530","name":"VDB-254530 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://github.com/bayuncao/vul-cve-13","tags":["broken-link","exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-02-23T18:15:09.315223Z","id":"CVE-2024-1748","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-22T16:16:55.447Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:48:21.885Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.254530","name":"VDB-254530 | van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.254530","name":"VDB-254530 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/bayuncao/vul-cve-13","tags":["broken-link","exploit","x_transferred"]}]}]}}