Skip to content

Is mmdetection affected by CVE-2024-12044? If so, when will it be fixed? #12335

New issue
New issue
Open
Open
Is mmdetection affected by CVE-2024-12044? If so, when will it be fixed?#12335
Assignees
Czm369
@996627519

Description

@996627519
996627519
opened on Mar 24, 2025

https://nvd.nist.gov/vuln/detail/CVE-2024-12044

Description
A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. The vulnerability is due to the use of the pickle.loads() function in the all_reduce_dict() distributed training API without proper sanitization. This allows an attacker to execute arbitrary code by broadcasting a malicious payload to the distributed training network.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions