ReDoS in Giskard Scan text perturbation
CVE-2024-52524

Currently unrated

Key Information:

Vendor

Giskard-ai

Status
Giskard
Vendor
CVE Published:
14 November 2024

What is CVE-2024-52524?

Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.

Affected Version(s)

giskard < 2.15.5

References

https://github.com/Giskard-AI/giskard/security/advisories...
x_refsource_CONFIRM
https://github.com/Giskard-AI/giskard/commit/48ce81f5c626...
x_refsource_MISC

Timeline

  • Vulnerability published

.