AVID-2026-R0921

Description

Vulnerability CVE-2021-42951

Details

A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result.

Reason for inclusion in AVID: CVE-2021-42951 describes a remote code execution vulnerability in Algorithmia MSOL SaaS, where authenticated users can create and execute algorithms leading to RCE on the platform. This platform is used to deploy and run AI algorithms/models, i.e., part of the software stack that builds, deploys, and serves AI systems. The issue is a software vulnerability in a component used in AI pipelines, not hardware/firmware. The CVE/NVD sources provide explicit security impact signals, supporting its relevance to AI software supply chains. Therefore, it satisfies AI relevance, GP AI supply-chain scope, and security/safety impact with sufficient evidence.

References

• NVD entry
• http://algorithmia.com
• https://seclists.org/fulldisclosure/2022/Feb/33

Affected or Relevant Artifacts

• Developer: n/a
• Deployer: n/a
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-03-01
• Version: 0.3.3
• AVID Entry