CVE-2024-11392

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 27, 2024
CWE ID 502

Summary

CVE-2024-11392 is a remote code execution vulnerability affecting Hugging Face Transformers' MobileViTV2. This issue arises due to insufficient validation of user-supplied data in the handling of configuration files, leading to deserialization of untrusted data. An attacker can exploit this vulnerability by manipulating a target to visit a malicious page or open a maliciously crafted file. Successful exploitation enables the attacker to execute arbitrary code in the context of the current user. (ZDI-CAN-24322)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share