AVID-2026-R1478

Description

Deserialization of Untrusted Data in sagemaker-python-sdk (CVE-2024-34072)

Details

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. Users are advised to upgrade to version 2.218.0. Users unable to upgrade should not pass pickled numpy object arrays which originated from an untrusted source, or that could have been tampered with. Only pass pickled numpy object arrays from trusted sources.

Reason for inclusion in AVID: CVE-2024-34072 describes a deserialization vulnerability in the sagemaker-python-sdk (NumpyDeserializer) that can lead to remote code execution and DoS. The affected component is a software library used to train/deploy AI models on SageMaker, i.e., part of AI tooling. This is a software supply-chain issue in a component used to build/run general-purpose AI systems. The CVE provides explicit vulnerability behavior and a fix (upgrade to 2.218.0). Evidence is present in the CVE/NVD entry and AWS security advisory.

References

• NVD entry
• https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r
• https://github.com/aws/sagemaker-python-sdk/pull/4557

Affected or Relevant Artifacts

• Developer: aws
• Deployer: aws
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2024-05-03
• Version: 0.3.3
• AVID Entry