CVE-2024-52524

MEDIUM

PyPI Giskard < 2.15.5 - Regular Expression Denial of Service (ReDoS)

Title source: rule

Description

Giskard is an evaluation and testing framework for AI systems. A Regular Expression Denial of Service (ReDoS) vulnerability, not a remote code execution flaw, was discovered in a Giskard component by the GitHub Security Lab team. When Giskard detectors process datasets containing specific text patterns, the affected regular expression can backtrack with exponential evaluation time in the input length, so a crafted dataset can stall the process and cause a denial of service. Giskard versions prior to 2.15.5 are affected; the CWE-1333 classification and the CVSS vector (availability impact only) both reflect this.
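The mechanism behind CWE-1333, as an added example that is not Giskard's code and does not use Giskard's actual pattern (the advisory does not publish it): a constructed nested-quantifier regex shows how the backtracking engine's work grows exponentially on adversarial input, and two defensive checks a practitioner would apply to detector code before it runs regexes over untrusted dataset text. `has_nested_quantifier`, `safe_search`, `MAX_INPUT_LEN` and the sample patterns are all hypothetical names introduced here.

```python
import re
import time

# Constructed demonstration pattern (NOT the one in Giskard). A quantified group
# that itself contains a quantifier lets the engine partition a run of "a" in
# 2^(n-1) ways; each partition is tried and rejected when "!" fails to match "$".
VULNERABLE_PATTERN = re.compile(r"^(a+)+$")

# Same language, single quantifier: the engine can only back off one character
# at a time, so matching is linear in the input length.
SAFE_PATTERN = re.compile(r"^a+$")

# Hypothetical cap applied before any regex is evaluated over dataset text.
MAX_INPUT_LEN = 10_000


def adversarial_input(n: int) -> str:
    """Constructed worst case: n copies of 'a' followed by a character that
    forces the final '$' to fail, so every partition is explored."""
    return "a" * n + "!"


def time_match(pattern: re.Pattern, text: str, repeats: int = 3) -> float:
    """Minimum wall-clock seconds over `repeats` runs of pattern.search(text)."""
    best = float("inf")
    for _ in range(repeats):
        t0 = time.perf_counter()
        pattern.search(text)
        best = min(best, time.perf_counter() - t0)
    return best


def demonstrate(ns=(8, 12, 16)) -> dict:
    """Map input length -> seconds for the vulnerable pattern. Doubling n
    roughly squares the time, which is the exponential blow-up ReDoS exploits."""
    return {n: time_match(VULNERABLE_PATTERN, adversarial_input(n)) for n in ns}


def has_nested_quantifier(pattern: str) -> bool:
    """Crude static lint for the most common ReDoS shape: a group containing a
    + or * that is itself quantified, e.g. (a+)+ or (\\w*)*. It does not catch
    overlapping alternations such as (a|aa)+, so treat a negative as 'not
    obviously bad', not as proof of safety."""
    return re.search(r"\([^()]*[+*][^()]*\)[+*]", pattern) is not None


def safe_search(text: str) -> bool:
    """Hardened evaluation: bound the input length before matching and use the
    linear-time equivalent pattern. Raises instead of silently truncating so the
    caller can decide how to treat an oversized record."""
    if len(text) > MAX_INPUT_LEN:
        raise ValueError(f"input of {len(text)} chars exceeds {MAX_INPUT_LEN}")
    return SAFE_PATTERN.search(text) is not None


if __name__ == "__main__":
    for n, secs in demonstrate().items():
        print(f"n={n:2d}  vulnerable pattern: {secs * 1000:8.2f} ms")
    print("linear pattern, n=16:", f"{time_match(SAFE_PATTERN, adversarial_input(16)) * 1e6:.1f} us")
    print("nested quantifier in ^(a+)+$ ?", has_nested_quantifier(r"^(a+)+$"))
    print("nested quantifier in ^a+$   ?", has_nested_quantifier(r"^a+$"))
```

Do not push `demonstrate` much past n=20 with Python's backtracking `re`: the run time grows by roughly 2x per extra character, which is exactly why a dataset row of a few dozen crafted characters is enough to stall a detector. The static lint and the length cap are cheap pre-checks; a non-backtracking engine (RE2-style) is the structural fix where the pattern cannot be rewritten.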

Scores

CVSS v4 6.9
EPSS 0.0199
EPSS Percentile 83.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-1333
Status published
Products (2)
Giskard-AI/giskard < 2.15.5
pypi/giskard 0 - 2.15.5 (PyPI)
Published Nov 14, 2024
Tracked Since Feb 18, 2026