Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/sagemaker@2.163.0
Type pypi
Namespace
Name sagemaker
Version 2.163.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.257.2
Latest_non_vulnerable_version 3.8.0
Affected_by_vulnerabilities
0
url VCID-9q6x-5ac2-m3gj
vulnerability_id VCID-9q6x-5ac2-m3gj
summary
SageMaker Python SDK has Exposed HMAC
SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1777
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06396
published_at 2026-06-08T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06461
published_at 2026-06-05T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06452
published_at 2026-06-06T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06442
published_at 2026-06-07T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.06404
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1777
1
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
2
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
3
reference_url https://github.com/aws/sagemaker-python-sdk/commit/708c7b2f4135ecaec55973d098f3dbe98b657933
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/708c7b2f4135ecaec55973d098f3dbe98b657933
4
reference_url https://github.com/aws/sagemaker-python-sdk/commit/fb0d789db4fd5fecde5509963939369f4c7ce63b
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/fb0d789db4fd5fecde5509963939369f4c7ce63b
5
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
6
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.2.0
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.2.0
7
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
reference_id 2026-004-AWS
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1777
reference_id CVE-2026-1777
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1777
9
reference_url https://github.com/advisories/GHSA-rjrp-m2jw-pv9c
reference_id GHSA-rjrp-m2jw-pv9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjrp-m2jw-pv9c
10
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-rjrp-m2jw-pv9c
reference_id GHSA-rjrp-m2jw-pv9c
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-rjrp-m2jw-pv9c
fixed_packages
0
url pkg:pypi/sagemaker@2.256.0
purl pkg:pypi/sagemaker@2.256.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pvdy-d4xb-5ygq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.256.0
1
url pkg:pypi/sagemaker@3.2.0
purl pkg:pypi/sagemaker@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pvdy-d4xb-5ygq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.2.0
aliases CVE-2026-1777, GHSA-rjrp-m2jw-pv9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9q6x-5ac2-m3gj
1
url VCID-acwy-v1m2-n7ey
vulnerability_id VCID-acwy-v1m2-n7ey
summary
SageMaker Workflow component allows possibility of MD5 hash collisions
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0508
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33514
published_at 2026-06-08T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33537
published_at 2026-06-09T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33548
published_at 2026-06-07T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33583
published_at 2026-06-06T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.33568
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0508
1
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
2
reference_url https://github.com/aws/sagemaker-python-sdk/commit/dcdd99f911e8b1a05d19cf1ad939b0fefae47864
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T14:26:53Z/
url https://github.com/aws/sagemaker-python-sdk/commit/dcdd99f911e8b1a05d19cf1ad939b0fefae47864
3
reference_url https://huntr.com/bounties/eb056818-5b81-466f-81ee-916058d34af2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T14:26:53Z/
url https://huntr.com/bounties/eb056818-5b81-466f-81ee-916058d34af2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0508
reference_id CVE-2025-0508
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0508
5
reference_url https://github.com/advisories/GHSA-32g6-mg92-ghm2
reference_id GHSA-32g6-mg92-ghm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32g6-mg92-ghm2
fixed_packages
0
url pkg:pypi/sagemaker@2.237.3
purl pkg:pypi/sagemaker@2.237.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9q6x-5ac2-m3gj
1
vulnerability VCID-era1-qx3r-yybw
2
vulnerability VCID-pvdy-d4xb-5ygq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.237.3
aliases CVE-2025-0508, GHSA-32g6-mg92-ghm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-acwy-v1m2-n7ey
2
url VCID-era1-qx3r-yybw
vulnerability_id VCID-era1-qx3r-yybw
summary
SageMaker Python SDK has Insecure TLS Configuration
SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where SSL certificate verification was globally disabled in the Triton Python backend has been found.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1778
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01224
published_at 2026-06-08T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01228
published_at 2026-06-09T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01225
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1778
1
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
2
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
3
reference_url https://github.com/aws/sagemaker-python-sdk/commit/5e7a3efa7bec0a161194ffa0cef346dda93bf2c6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/5e7a3efa7bec0a161194ffa0cef346dda93bf2c6
4
reference_url https://github.com/aws/sagemaker-python-sdk/commit/c8098958910f7db78d07037425debfd4d44a6964
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/c8098958910f7db78d07037425debfd4d44a6964
5
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:02:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
6
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:02:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1
7
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
reference_id 2026-004-AWS
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:02:05Z/
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1778
reference_id CVE-2026-1778
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1778
9
reference_url https://github.com/advisories/GHSA-62rc-f4v9-h543
reference_id GHSA-62rc-f4v9-h543
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62rc-f4v9-h543
10
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543
reference_id GHSA-62rc-f4v9-h543
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:02:05Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543
fixed_packages
0
url pkg:pypi/sagemaker@2.256.0
purl pkg:pypi/sagemaker@2.256.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pvdy-d4xb-5ygq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.256.0
1
url pkg:pypi/sagemaker@3.1.1
purl pkg:pypi/sagemaker@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9q6x-5ac2-m3gj
1
vulnerability VCID-pvdy-d4xb-5ygq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.1.1
aliases CVE-2026-1778, GHSA-62rc-f4v9-h543
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-era1-qx3r-yybw
3
url VCID-g48w-e619-abgd
vulnerability_id VCID-g48w-e619-abgd
summary
sagemaker-python-sdk Command Injection vulnerability
The capture_dependencies function in the `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module before version 2.214.3 allows for potentially unsafe Operating System (OS) Command Injection if an inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity.

Impacted versions: <2.214.3
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34073
reference_id
reference_type
scores
0
value 0.00889
scoring_system epss
scoring_elements 0.75924
published_at 2026-06-09T12:55:00Z
1
value 0.00889
scoring_system epss
scoring_elements 0.75899
published_at 2026-06-08T12:55:00Z
2
value 0.00889
scoring_system epss
scoring_elements 0.75912
published_at 2026-06-07T12:55:00Z
3
value 0.00889
scoring_system epss
scoring_elements 0.7592
published_at 2026-06-06T12:55:00Z
4
value 0.00889
scoring_system epss
scoring_elements 0.75921
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34073
1
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
2
reference_url https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T14:52:50Z/
url https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5
3
reference_url https://github.com/aws/sagemaker-python-sdk/pull/4556
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T14:52:50Z/
url https://github.com/aws/sagemaker-python-sdk/pull/4556
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34073
reference_id CVE-2024-34073
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34073
5
reference_url https://github.com/advisories/GHSA-7pc3-pr3q-58vg
reference_id GHSA-7pc3-pr3q-58vg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7pc3-pr3q-58vg
6
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7pc3-pr3q-58vg
reference_id GHSA-7pc3-pr3q-58vg
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T14:52:50Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7pc3-pr3q-58vg
fixed_packages
0
url pkg:pypi/sagemaker@2.214.3
purl pkg:pypi/sagemaker@2.214.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9q6x-5ac2-m3gj
1
vulnerability VCID-acwy-v1m2-n7ey
2
vulnerability VCID-era1-qx3r-yybw
3
vulnerability VCID-pvdy-d4xb-5ygq
4
vulnerability VCID-qmyp-wk2g-rbch
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.214.3
aliases CVE-2024-34073, GHSA-7pc3-pr3q-58vg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g48w-e619-abgd
4
url VCID-pvdy-d4xb-5ygq
vulnerability_id VCID-pvdy-d4xb-5ygq
summary
SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
This advisory addresses the use of the search_hub() function within the SageMaker Python SDK's JumpStart search functionality. An actor with the ability to control query parameters passed to the search_hub() function could potentially provide malformed input that causes the eval() function to execute arbitrary commands, access sensitive data, or compromise the execution environment.

A defense-in-depth enhancement has been implemented to replace code evaluation with safe string operations when processing search query parameters. This enhancement removes the use of eval() from the execution path, replacing it with a safe recursive descent parser. The change was released in SageMaker Python SDK version 3.4.0 on January 23, 2026. This advisory is informational to help customers understand their responsibilities regarding input validation and configuration security under the [AWS Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/).
references
0
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
1
reference_url https://github.com/aws/sagemaker-python-sdk/commit/e706e578519bd9b92ea44b9b15f872eca5e77ea4
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/e706e578519bd9b92ea44b9b15f872eca5e77ea4
2
reference_url https://github.com/aws/sagemaker-python-sdk/pull/5497
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/pull/5497
3
reference_url https://github.com/advisories/GHSA-5r2p-pjr8-7fh7
reference_id GHSA-5r2p-pjr8-7fh7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r2p-pjr8-7fh7
4
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-5r2p-pjr8-7fh7
reference_id GHSA-5r2p-pjr8-7fh7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-5r2p-pjr8-7fh7
fixed_packages
0
url pkg:pypi/sagemaker@3.4.0
purl pkg:pypi/sagemaker@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.4.0
aliases GHSA-5r2p-pjr8-7fh7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvdy-d4xb-5ygq
5
url VCID-qmyp-wk2g-rbch
vulnerability_id VCID-qmyp-wk2g-rbch
summary
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity.

Impacted versions: <2.218.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34072
reference_id
reference_type
scores
0
value 0.00593
scoring_system epss
scoring_elements 0.69672
published_at 2026-06-07T12:55:00Z
1
value 0.00593
scoring_system epss
scoring_elements 0.69683
published_at 2026-06-09T12:55:00Z
2
value 0.00593
scoring_system epss
scoring_elements 0.69662
published_at 2026-06-08T12:55:00Z
3
value 0.00593
scoring_system epss
scoring_elements 0.69682
published_at 2026-06-06T12:55:00Z
4
value 0.00593
scoring_system epss
scoring_elements 0.69675
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34072
1
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
2
reference_url https://github.com/aws/sagemaker-python-sdk/commit/72e0c9712aec6fbb82fb40fda091dfc2a42c70a0
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/72e0c9712aec6fbb82fb40fda091dfc2a42c70a0
3
reference_url https://github.com/aws/sagemaker-python-sdk/pull/4557
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T17:28:15Z/
url https://github.com/aws/sagemaker-python-sdk/pull/4557
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34072
reference_id CVE-2024-34072
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34072
5
reference_url https://github.com/advisories/GHSA-wjvx-jhpj-r54r
reference_id GHSA-wjvx-jhpj-r54r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjvx-jhpj-r54r
6
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r
reference_id GHSA-wjvx-jhpj-r54r
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T17:28:15Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r
fixed_packages
0
url pkg:pypi/sagemaker@2.218.0
purl pkg:pypi/sagemaker@2.218.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9q6x-5ac2-m3gj
1
vulnerability VCID-acwy-v1m2-n7ey
2
vulnerability VCID-era1-qx3r-yybw
3
vulnerability VCID-pvdy-d4xb-5ygq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.218.0
aliases CVE-2024-34072, GHSA-wjvx-jhpj-r54r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmyp-wk2g-rbch
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.163.0