CVE-2024-34072
📋 TL;DR
CVE-2024-34072 is a deserialization vulnerability in the sagemaker-python-sdk's NumpyDeserializer module that allows remote code execution when processing untrusted pickled numpy object arrays. This affects users of Amazon SageMaker who use the Python SDK for machine learning workflows. Attackers could execute arbitrary code, compromise data, or cause denial of service.
💻 Affected Systems
- Amazon SageMaker Python SDK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with remote code execution leading to data exfiltration, lateral movement, and complete loss of confidentiality and integrity.
Likely Case
Remote code execution within the SageMaker environment, potentially accessing sensitive model data, training data, or cloud credentials.
If Mitigated
No impact if only trusted pickled numpy arrays are processed or if the vulnerability is patched.
🎯 Exploit Status
Requires attacker to supply malicious pickled numpy object arrays to vulnerable deserialization endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.218.0
Vendor Advisory: https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r
Restart Required: No
Instructions:
1. Update sagemaker-python-sdk: pip install --upgrade "sagemaker>=2.218.0" (quote the specifier so the shell does not treat >= as a redirect)
2. Verify no downgrades occur in dependency resolution
3. Test ML pipelines with updated version
🔧 Temporary Workarounds
Input Validation and Sanitization
Validate that pickled numpy object arrays come only from trusted sources before processing
🧯 If You Can't Patch
- Implement strict input validation to reject any pickled numpy object arrays from untrusted sources
- Use alternative deserialization methods or data formats that don't involve pickle
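As an added example (not part of this advisory or of the SageMaker SDK), a pre-deserialization gate in pure Python: it parses only the .npy header and rejects any payload whose dtype descriptor is object ('O'), the one case numpy must unpickle to load. The payload builder and the two sample blobs are constructed fixtures.

```python
import ast
import struct

MAGIC = b"\x93NUMPY"  # every .npy payload starts with this

def npy_header(payload: bytes) -> dict:
    """Parse only the .npy preamble; array bytes are never read or unpickled."""
    if not payload.startswith(MAGIC):
        raise ValueError("not a .npy payload")
    major = payload[6]
    if major == 1:
        (hlen,), start = struct.unpack("<H", payload[8:10]), 10
    elif major in (2, 3):
        (hlen,), start = struct.unpack("<I", payload[8:12]), 12
    else:
        raise ValueError(f"unsupported .npy format version {major}")
    raw = payload[start:start + hlen]
    if len(raw) != hlen:
        raise ValueError("truncated .npy header")
    # The header is a dict literal; literal_eval evaluates literals only, never code.
    header = ast.literal_eval(raw.decode("latin1").strip())
    if not isinstance(header, dict) or "descr" not in header:
        raise ValueError("malformed .npy header")
    return header

def has_object_dtype(descr) -> bool:
    """True if the dtype, or any field of a structured dtype, is 'O' (pickled objects)."""
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")
    return any(has_object_dtype(field[1]) for field in descr)

def is_safe_npy(payload: bytes) -> bool:
    """Gate to apply before handing bytes to any numpy deserializer."""
    try:
        return not has_object_dtype(npy_header(payload)["descr"])
    except (ValueError, SyntaxError, IndexError, TypeError, UnicodeDecodeError):
        return False

def make_npy(descr: str, shape: tuple, data: bytes) -> bytes:
    """Build a minimal v1.0 .npy payload (constructed fixture, not a SageMaker response)."""
    header = f"{{'descr': '{descr}', 'fortran_order': False, 'shape': {shape}, }}"
    pad = (64 - (len(MAGIC) + 4 + len(header) + 1) % 64) % 64  # numpy aligns to 64 bytes
    header = header + " " * pad + "\n"
    return MAGIC + bytes([1, 0]) + struct.pack("<H", len(header)) + header.encode() + data

# Constructed samples: a float64 array, and an object array whose data section would
# be a pickle stream (placeholder bytes here; the gate never reads that far).
SAFE_NPY = make_npy("<f8", (2,), struct.pack("<2d", 1.5, 2.5))
OBJECT_NPY = make_npy("|O", (1,), b"<pickle stream placeholder>")
```

numpy.load enforces the same rule when called with allow_pickle=False; placing the gate in front of the deserializer rejects the payload before any library code sees it.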
🔍 How to Verify
Check if Vulnerable:
Check sagemaker version: python -c "import sagemaker; print(sagemaker.__version__)" and compare to 2.218.0
Check Version:
python -c "import sagemaker; print(f'sagemaker version: {sagemaker.__version__}')"
Verify Fix Applied:
Confirm version is >=2.218.0 and test deserialization with known safe pickled arrays
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from SageMaker containers
- Errors in NumpyDeserializer operations
- Unexpected network connections from SageMaker instances
Network Indicators:
- Outbound connections from SageMaker to unexpected destinations
- Large data exfiltration from SageMaker endpoints
SIEM Query:
source="sagemaker" AND (event="deserialization_error" OR process="unexpected_executable")