sagemaker is vulnerable to Code Injection
80
High Risk
The capture_dependencies function in the sagemaker SDK's serve implementation interpolates dependency directory paths into generated Python source without escaping them. When ModelBuilder is invoked with dependencies={"auto": True}, an attacker who controls a directory name in the Python environment can inject arbitrary code into the generated source, which is subsequently executed in the context of the build process. The fix escapes interpolated path content before embedding it into the generated source.
You are affected if you are using a version that falls within the vulnerable range and your application uses ModelBuilder with dependencies={"auto": True} in an environment where directory or path names can be influenced by an attacker.
sagemaker is vulnerable to Code Injection in versions 2.199.0 - 3.11.0.
Upgrade the sagemaker library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant