CVE-2024-10096 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://www.cve.org/CVERecord?id=CVE-2024-10096

History

Wed, 18 Jun 2025 16:00:00 +0000

Type	Values Removed	Values Added
Title		github.com/dask/dask: Remote Unauthorized Pickle Deserialization Command Execution in dask/dask
Weaknesses		CWE-77
References		https://www.cve.org/CVERecord?id=CVE-2024-10096
Metrics		cvssV3_0 `{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 26 Mar 2025 17:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-77
References	https://huntr.com/bounties/a4be847b-a52d-42cc-9e78-3299e2d30ab2
Metrics	cvssV3_0 `{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 26 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Title	Remote Unauthorized Pickle Deserialization Command Execution in dask/dask
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 26 Mar 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description	Dask versions <=2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allows attackers to craft malicious objects. These objects can be serialized on the client side and sent to the server for deserialization, leading to remote command execution and potentially granting full control over the Dask server.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Thu, 20 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 20 Mar 2025 10:15:00 +0000

Type	Values Removed	Values Added
Description		Dask versions <=2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allows attackers to craft malicious objects. These objects can be serialized on the client side and sent to the server for deserialization, leading to remote command execution and potentially granting full control over the Dask server.
Title		Remote Unauthorized Pickle Deserialization Command Execution in dask/dask
Weaknesses		CWE-77
References		https://huntr.com/bounties/a4be847b-a52d-42cc-9e78-3299e2d30ab2
Metrics		cvssV3_0 `{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: REJECTED

Assigner: @huntr_ai

Published: 2025-03-20T10:09:07.496Z

Updated: 2025-03-26T16:41:42.163Z

Reserved: 2024-10-17T16:51:20.707Z

Link: CVE-2024-10096

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-03-20T10:15:14.613

Modified: 2025-03-26T17:15:23.943

Link: CVE-2024-10096

Redhat

Severity :

Publid Date: 2025-03-20T10:09:07Z

Links: CVE-2024-10096 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object