CVE-2024-37065 Information

Description

Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library enabling a maliciously crafted model to run arbitrary code on an end user’s system when loaded.

Reference

https://hiddenlayer.com/sai-security-advisory/skops-june2024