{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T23:28:08.436","vulnerabilities":[{"cve":{"id":"CVE-2024-9701","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:49.927","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class uses Python's shelve module to manage session data, which relies on pickle for serialization. Crafting a malicious payload and storing it in the shelve file can lead to RCE when the payload is deserialized."},{"lang":"es","value":"Se ha identificado una vulnerabilidad de Ejecución Remota de Código (RCE) en la clase Kedro ShelveStore (versión 0.19.8). Esta vulnerabilidad permite a un atacante ejecutar código Python arbitrario mediante la deserialización de payloads maliciosos, lo que podría comprometer por completo el sistema. La clase ShelveStore utiliza el módulo shelve de Python para gestionar los datos de sesión, que se basa en pickle para la serialización. Crear un payload malicioso y almacenarla en el archivo shelve puede provocar una RCE cuando se deserializa."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/kedro-org/kedro/commit/d79fa51de55ac0ccb58cce1a482df1b445f0fe7c","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/96c77fef-93b2-4d4d-8cbe-57a718d8eea5","source":"security@huntr.dev"}]}}]}