CVE-2024-37064
📋 TL;DR
CVE-2024-37064 is a deserialization vulnerability in the ydata-profiling library, versions 3.7.0 and later. An attacker can craft a malicious dataset that executes arbitrary code when the library loads it. Any application that uses a vulnerable version of ydata-profiling to process untrusted data is affected.
💻 Affected Systems
- ydata-profiling
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The CVE database entry does not specify which versions are vulnerable (no version ranges were provided by the vendor or NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with remote code execution, data exfiltration, and lateral movement within the environment.
Likely Case
Local privilege escalation or data manipulation within the application context, potentially leading to sensitive information disclosure.
If Mitigated
Limited impact if proper input validation and sandboxing prevent malicious payloads from executing.
🎯 Exploit Status
Exploitation requires the attacker to provide a malicious dataset that gets loaded by the vulnerable library. No authentication is needed if the application accepts external datasets.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.8.0 or later
Vendor Advisory: https://hiddenlayer.com/sai-security-advisory/ydata-june2024
Restart Required: No
Instructions:
1. Update ydata-profiling to version 4.8.0 or later using pip: pip install --upgrade "ydata-profiling>=4.8.0" (quote the requirement; an unquoted >= is parsed by the shell as an output redirect)
2. Verify the update with: pip show ydata-profiling
3. Test application functionality with the updated library.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict validation of dataset inputs before passing them to ydata-profiling functions.
Downgrade to Safe Version
Temporarily downgrade to ydata-profiling version 3.6.1 or earlier, which is not affected:
pip install ydata-profiling==3.6.1
🧯 If You Can't Patch
- Isolate the application in a sandboxed environment with minimal privileges
- Implement strict network controls to prevent data exfiltration and limit dataset sources to trusted locations only
🔍 How to Verify
Check if Vulnerable:
Check the installed ydata-profiling version: pip show ydata-profiling | grep Version
Check Version:
pip show ydata-profiling | grep Version
Verify Fix Applied:
Confirm version is 4.8.0 or higher: pip show ydata-profiling | grep Version
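The version checks above can be automated. The following is an added example, not part of this advisory or of the ydata-profiling project; it takes the affected range from this page (3.7.0 and later, fixed in 4.8.0), reads the installed version through importlib.metadata, and treats pre-release builds of 4.8.0 as still affected.

```python
import re
from importlib import metadata

# Range as stated in this advisory: affected from 3.7.0, fixed in 4.8.0.
# The trailing 0 is a pre-release marker slot (0 = final release, -1 = pre-release).
FIRST_AFFECTED = (3, 7, 0, 0)
FIXED_IN = (4, 8, 0, 0)


def parse_version(text):
    """Turn '4.8.0', '3.6.1' or '4.8.0rc1' into a comparable tuple.
    A pre-release suffix (a/b/rc/dev) sorts below the final release, so
    '4.8.0rc1' is still counted as older than the 4.8.0 fix."""
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rest = m.groups()
    pre = -1 if re.match(r"^[.\-]?(a|b|rc|dev)", rest.strip()) else 0
    return (int(major), int(minor or 0), int(patch or 0), pre)


def classify(version_text):
    """Return 'affected', 'fixed' or 'not affected' for a version string."""
    v = parse_version(version_text)
    if v >= FIXED_IN:
        return "fixed"
    if v >= FIRST_AFFECTED:
        return "affected"
    return "not affected"


def check_installed(dist="ydata-profiling"):
    """Classify the installed distribution.
    Returns (version, status); version is None and status is
    'not installed' when the distribution is absent."""
    try:
        installed = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None, "not installed"
    return installed, classify(installed)


if __name__ == "__main__":
    version, status = check_installed()
    print(f"ydata-profiling {version or '(none)'}: {status}")
```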
📡 Detection & Monitoring
Log Indicators:
- Unexpected process spawns from Python applications using ydata-profiling
- Unusual file system or network activity following dataset loading
Network Indicators:
- Outbound connections to unexpected destinations after dataset processing
- DNS requests for suspicious domains from the application
SIEM Query:
Process Creation where Parent Process contains 'python' AND Command Line contains 'ydata-profiling' AND (Command Line contains unusual patterns OR Outbound Network Connection follows)