Description
A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.
References (4)
Core 4
Core References
Permissions Required vdb-entry
technical-description
https://vuldb.com/?id.252204
Permissions Required signature
permissions-required
https://vuldb.com/?ctiid.252204
Broken Link related
https://github.com/bayuncao/vul-cve-7
Broken Link exploit
https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl
Scores
CVSS v3
5.0
EPSS
0.0009
EPSS Percentile
26.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-502
Status
published
Products (1)
standford/gibsonenv
0.3.1
Published
Jan 27, 2024
Tracked Since
Feb 18, 2026