CNNVD-202602-059 Information
CNNVD ID
CNNVD-202602-059
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
Amazon SageMaker Python SDK是美国亚马逊(Amazon)公司的一个构件、训练和部署机器学习模型的开发者工具包。 Amazon SageMaker Python SDK v3.2.0之前版本和v2.256.0之前版本存在安全漏洞,该漏洞源于DescribeTrainingJob函数的明文响应中包含ModelBuilder HMAC签名密钥,可能导致第三方上传并执行任意工件。
Description (English)
Amazon SageMaker Python SDK is a developer ’ s toolkit for a building block, training and deployment machine learning model for Amazon America. The previous version of Amazon SageMaker Python SDK v3.2.0 and the previous version of v2.256.0 have a security loophole, which stems from the explicit response of the DescribeTrainingJob, which contains the ModelBuilder HMAC signature key, which may lead to the uploading and execution of any work by a third party.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
亚马逊
Published
2026-02-02
Last Modified
2026-02-24
References
https://aws.amazon.com/security/security-bulletins/2026-004-AWS/ https://access.redhat.com/security/cve/cve-2026-1777
Patch
https://aws.amazon.com/cn/security/security-bulletins/2026-004-AWS/
Share on: