CVE-2024-9701
📋 TL;DR
This CVE describes a critical Remote Code Execution vulnerability in Kedro's ShelveStore class (version 0.19.8). Attackers can execute arbitrary Python code by crafting malicious payloads that exploit insecure deserialization via Python's pickle module. Any Kedro application using ShelveStore for session data storage is affected.
💻 Affected Systems
- Kedro
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attacker to execute arbitrary commands, steal sensitive data, install malware, or pivot to other systems.
Likely Case
Remote code execution leading to data theft, application compromise, and potential lateral movement within the environment.
If Mitigated
Limited impact if proper network segmentation and access controls prevent exploitation attempts.
🎯 Exploit Status
Exploitation requires ability to write malicious payload to shelve file, which could be achieved through various attack vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.19.9 or later
Vendor Advisory: https://github.com/kedro-org/kedro/commit/d79fa51de55ac0ccb58cce1a482df1b445f0fe7c
Restart Required: Yes
Instructions:
1. Update Kedro to version 0.19.9 or later using pip: pip install --upgrade kedro==0.19.9
2. Restart all Kedro applications and services
3. Verify the update was successful
🔧 Temporary Workarounds
Disable ShelveStore usage
allReplace ShelveStore with alternative secure storage backends like PickleStore with proper validation or other serialization methods.
Modify Kedro configuration to use alternative storage classes
Input validation and sanitization
allImplement strict input validation for any data that could be written to shelve files.
Implement custom validation logic before shelve operations
🧯 If You Can't Patch
- Implement strict network access controls to limit who can interact with the vulnerable application
- Monitor shelve file access and modifications for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check if Kedro version is 0.19.8 and if ShelveStore class is used in the application.Check Version:
python -c "import kedro; print(kedro.__version__)"Verify Fix Applied:
Verify Kedro version is 0.19.9 or later and test that malicious payloads no longer execute.📡 Detection & Monitoring
Log Indicators:
- Unexpected Python code execution
- Suspicious file operations on shelve files
- Errors related to pickle deserialization
Network Indicators:
- Unusual outbound connections from Kedro application
- Suspicious file uploads to application endpoints
SIEM Query:
source="kedro" AND (event="pickle.load" OR event="shelve.open") AND result="success"