Learning about Deep Lake Kaggle dataset command injection for fun (CVE-2024-6507)

CVEs

8.1 High Severity

Summary

In this post, we look at the exploit and the root cause of a command injection vulnerability found in the data lake component of Kaggle, triggered while loading an external dataset. We also analyze the patch to understand how the issue was fixed.

CVE-2024-6507, HIGH, Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API

@secatgourity
