Description

A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. The vulnerability is due to the use of the `pickle.loads()` function in the `all_reduce_dict()` distributed training API without proper sanitization. This allows an attacker to execute arbitrary code by broadcasting a malicious payload to the distributed training network.
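One way to harden a deserialization point like the one described above is sketched below. This is an added example, not mmdetection's code or its fix. It assumes the broadcast buffer is meant to carry only a list of string keys; `KeyListUnpickler`, `load_broadcast_keys` and the sample key names are hypothetical.

```python
import io
import pickle


class KeyListUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Plain str/int/list/tuple/dict values are built directly by pickle
    opcodes and never reach find_class(); only references to classes or
    callables do, and those are what CWE-502 payloads depend on.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_broadcast_keys(buf: bytes, max_bytes: int = 1 << 20) -> list:
    """Decode a peer-supplied buffer assumed to hold a list of str keys."""
    if len(buf) > max_bytes:  # bound the work done on untrusted input
        raise ValueError("broadcast payload too large")
    obj = KeyListUnpickler(io.BytesIO(buf)).load()
    # Validate the shape as well: a pickle free of globals can still be
    # the wrong type for the caller.
    if not isinstance(obj, list) or not all(isinstance(k, str) for k in obj):
        raise ValueError("expected a list of string keys")
    return obj


class _CallsOnLoad:
    """Constructed sample: plain pickle.loads() would call len() on load."""

    def __reduce__(self):
        return (len, ("constructed",))


def demo() -> dict:
    good = pickle.dumps(["loss_cls", "loss_bbox"])  # constructed key names
    bad = pickle.dumps(_CallsOnLoad())
    results = {"good": load_broadcast_keys(good)}
    try:
        load_broadcast_keys(bad)
        results["bad"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["bad"] = str(exc)
    return results
```

Blocking globals removes the code-execution path through pickle. It does not authenticate the peers that are allowed to broadcast, which still has to be handled at the network layer.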

PUBLISHED Reserved 2024-12-02 | Published 2025-03-20 | Updated 2025-03-20 | Assigner @huntr_ai




CRITICAL: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Any version: affected

References

huntr.com/bounties/f7e4fc32-e167-49fb-9fc7-f092b9c27e8a

cve.org (CVE-2024-12044)

nvd.nist.gov (CVE-2024-12044)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.