CVE-2024-0129

Description

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.

References

https://www.securityweek.com/code-execution-data-tampering-flaw-in-nvidia-nemo-gen-ai-framework/

https://nvidia.custhelp.com/app/answers/detail/a_id/5580

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS