CVE-2024-52524

MEDIUM

Giskard < 2.15.5 - Denial of Service via Inefficient Regular Expression Complexity


Description

Giskard is an evaluation and testing framework for AI systems. A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in a Giskard component by the GitHub Security Lab team. When Giskard detectors process datasets containing specific text patterns, the affected regular expression can take exponential time to evaluate (catastrophic backtracking), potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected; 2.15.5 contains the fix.
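The following is an added illustration of the CWE-1333 failure mode described above; it is not Giskard's code and the regular expression is an assumed, generic example of an ambiguous nested quantifier, not the pattern from the advisory. It times a pathological pattern against a constructed adversarial input, then shows the two mitigations a practitioner would apply: rewriting the pattern so every position has exactly one way to match, and bounding input length before the regex runs.

```python
import re
import time

# Assumed illustrative pattern (NOT the one from the Giskard advisory):
# "(\w+\s?)+" lets a run of word characters be split between iterations in
# 2^(n-1) ways, so a non-matching tail forces exponential backtracking.
VULNERABLE_RE = re.compile(r"^(\w+\s?)+$")

# Same language, rewritten without ambiguity: words separated by exactly one
# whitespace character, optional trailing whitespace. \s and \w are disjoint,
# so the engine never has to choose how to split a run -> linear time.
HARDENED_RE = re.compile(r"^\w+(?:\s\w+)*\s?$")

# Constructed defensive bound on input size (choose per use case).
MAX_INPUT_LEN = 10_000

# Constructed sample texts used to check that both patterns accept/reject alike.
SAMPLE_TEXTS = ["hello world", "hello  world", "hello world ",
                " hello", "single", "", "tab\tsep"]


def adversarial_input(n):
    """n word characters followed by a character that can never match."""
    return "a" * n + "!"


def time_match(pattern, text):
    """Return (matched, seconds) for pattern.match(text)."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def patterns_agree(texts=SAMPLE_TEXTS):
    """True if the hardened pattern accepts exactly what the vulnerable one does."""
    return all((VULNERABLE_RE.match(t) is not None) == (HARDENED_RE.match(t) is not None)
               for t in texts)


def hardened_match(text):
    """Length-bounded, linear-time replacement for VULNERABLE_RE.match(text)."""
    if len(text) > MAX_INPUT_LEN:
        raise ValueError("input too long for regex validation")
    return HARDENED_RE.match(text) is not None


def demo():
    # Each +4 characters roughly multiplies the vulnerable pattern's time by 16.
    for n in (10, 14, 18):
        text = adversarial_input(n)
        _, t_vuln = time_match(VULNERABLE_RE, text)
        _, t_safe = time_match(HARDENED_RE, text)
        print(f"n={n:2d}  vulnerable={t_vuln * 1e3:9.3f} ms  hardened={t_safe * 1e6:7.1f} us")


if __name__ == "__main__":
    demo()
```

Keep the demo sizes small: with this pattern each extra character doubles the work, so n in the high twenties already takes seconds in CPython's `re`, which has no timeout. The two safe checks here, an unambiguous pattern and an input-length cap, are independent; apply both when the text comes from untrusted datasets.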

Scores

CVSS v4 6.9
EPSS 0.0078 (0.78% estimated probability of exploitation activity in the next 30 days)
EPSS Percentile 51.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-1333
Status published
Products (2)
Giskard-AI/giskard < 2.15.5
pypi/giskard 0 - 2.15.5 (PyPI)
Published Nov 14, 2024
Tracked Since Feb 18, 2026