CVE-2024-45857 Information

Description

Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.

Reference

https://hiddenlayer.com/sai-security-advisory/2024-09-cleanlab/