Remote Code Execution Vulnerability in SageMaker Python SDK by AWS
CVE-2024-34072
What is CVE-2024-34072?
The SageMaker Python SDK, utilized for training and deploying machine learning models on Amazon SageMaker, contains a deserialization flaw in the 'sagemaker.base_deserializers.NumpyDeserializer' module prior to version 2.218.0. This vulnerability allows for unsafe deserialization of untrusted pickled numpy object arrays, potentially enabling unprivileged attackers to execute remote code or trigger denial of service attacks. This situation could compromise the confidentiality and integrity of the system. Users are strongly encouraged to update to version 2.218.0 or later to mitigate this risk. If upgrading is not feasible, it is critical to avoid processing pickled numpy object arrays from untrusted or potentially compromised sources.
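An added example, not code from the SageMaker SDK: a standard-library pre-check that reads only the .npy header and refuses any payload declaring an object dtype, the one case that requires unpickling. The function names, the header size cap and the sample payloads are constructed for illustration.

```python
import ast
import struct

MAGIC = b"\x93NUMPY"
MAX_HEADER = 10000  # assumption: cap the header size before parsing it

def npy_descr(payload: bytes):
    """Return the header's 'descr' field without touching the array data."""
    if len(payload) < 12 or payload[:6] != MAGIC:
        raise ValueError("not a .npy payload")
    if payload[6] == 1:            # format 1.x: 2-byte header length
        hlen, start = struct.unpack_from("<H", payload, 8)[0], 10
    elif payload[6] in (2, 3):     # format 2.x/3.x: 4-byte header length
        hlen, start = struct.unpack_from("<I", payload, 8)[0], 12
    else:
        raise ValueError("unknown .npy version")
    header = payload[start:start + hlen]
    if hlen > MAX_HEADER or len(header) != hlen:
        raise ValueError("oversized or truncated header")
    try:  # the header is a Python dict literal; literal_eval never runs code
        return ast.literal_eval(header.decode("latin1").strip())["descr"]
    except Exception as exc:
        raise ValueError("unparseable header") from exc

def declares_object(descr) -> bool:
    """True if the dtype (or any structured field) is object; fails closed."""
    if isinstance(descr, str):
        return descr.lstrip("|<>=").startswith("O")
    if isinstance(descr, list):    # structured dtype: (name, descr[, shape])
        return any(not (isinstance(f, tuple) and len(f) >= 2)
                   or declares_object(f[1]) for f in descr)
    return True                    # unexpected form: treat as unsafe

def is_pickle_free(payload: bytes) -> bool:
    """Gate to run before handing bytes to any numpy loader."""
    try:
        return not declares_object(npy_descr(payload))
    except ValueError:
        return False

def build_npy(descr, shape, data: bytes) -> bytes:
    """Build a constructed format-1.0 sample payload for the checks below."""
    header = repr({"descr": descr, "fortran_order": False, "shape": shape})
    header += " " * (-(10 + len(header) + 1) % 64) + "\n"
    return (MAGIC + b"\x01\x00" + struct.pack("<H", len(header))
            + header.encode("latin1") + data)

FLOATS = build_npy("<f8", (2,), struct.pack("<2d", 1.0, 2.0))
OBJECTS = build_npy("|O", (1,), b"<pickle stream placeholder>")
STRUCTURED = build_npy([("id", "<i4"), ("blob", "|O")], (1,), b"")
```

A gate like this only filters input early; the load itself should still go through numpy.load with allow_pickle=False, which refuses object arrays on its own.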

