CVE-2024-9701 - Kedro ShelveStore Remote Code Execution Vulnerability
CVE-2024-9701 - Kedro ShelveStore Remote Code Execution Vulnerability
CVE ID : CVE-2024-9701 Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago Description : A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to
CVE ID : CVE-2024-9701
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class uses Python’s shelve module to manage session data, which relies on pickle for serialization. Crafting a malicious payload and storing it in the shelve file can lead to RCE when the payload is deserialized.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…