Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-0129

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.

Published

2024-10-15T06:15:02.520

Last Modified

2024-11-08T15:33:26.137

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nvidia	nemo	≤ r2.0.0rc0	Yes
Operating System	apple	macos	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5580 Vendor Advisory ([email protected])