CVE-2024-9701
Published: 20 March 2025
Summary
CVE-2024-9701 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 9.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
A Remote Code Execution vulnerability tracked as CVE-2024-9701 affects the ShelveStore class in Kedro version 0.19.8. The class relies on Python's shelve module, which in turn uses pickle for serializing session data, enabling an attacker to achieve arbitrary code execution through deserialization of a malicious payload placed in the shelve file. The issue is classified under CWE-502 and carries a CVSS 3.0 score of 9.8.
An unauthenticated remote attacker can exploit the flaw by crafting and storing a malicious pickle-based payload in a shelve file used by ShelveStore. Upon deserialization, the payload executes arbitrary Python code, potentially resulting in full system compromise with impacts to confidentiality, integrity, and availability.
A fix is referenced in the Kedro project commit d79fa51de55ac0ccb58cce1a482df1b445f0fe7c, and further details are available via the associated huntr.com bounty report. The EPSS score has remained at modest levels with a current value of 0.0614 and a peak of 0.0762.
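The exposure described above exists because shelve unpickles every stored value on access. As an added example (not code from Kedro or from this page), the following audits a shelve file by reading its raw dbm records and parsing their pickle opcodes without ever loading them. The file name and sample records are constructed, and a hit marks an entry for review rather than proving it malicious.

```python
import datetime
import dbm
import os
import pickletools
import shelve
import tempfile

# Opcodes that import a name or call/construct an object while unpickling.
RISKY = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
         "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def risky_opcodes(raw: bytes) -> set:
    """Parse a pickle stream opcode by opcode; nothing is ever loaded."""
    try:
        return {op.name for op, _arg, _pos in pickletools.genops(raw)} & RISKY
    except Exception:
        return {"UNPARSEABLE"}  # not a well-formed pickle: review it as well


def audit_shelf(path: str) -> dict:
    """Map each shelf key to the risky opcodes found in its raw value."""
    findings = {}
    with dbm.open(path, "r") as db:  # raw bytes; shelve would unpickle them
        for key in db.keys():
            hits = risky_opcodes(db[key])
            if hits:
                findings[key.decode("utf-8", "replace")] = hits
    return findings


def demo() -> dict:
    """Build a constructed, benign shelf in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "session_store")  # hypothetical file name
        with shelve.open(path) as shelf:
            shelf["plain"] = {"user": "alice", "runs": 3}  # data-only opcodes
            shelf["typed"] = datetime.date(2025, 3, 20)    # imports datetime.date
        return audit_shelf(path)


if __name__ == "__main__":
    for key, hits in demo().items():
        print(f"{key}: review before loading, opcodes {sorted(hits)}")
```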
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6852
Vulnerability details
A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class uses Python's shelve module to manage session data, which relies on pickle for serialization. Crafting a malicious payload and storing it in the shelve file can lead to RCE when the payload is deserialized.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
RCE via Python pickle deserialization in ShelveStore directly enables exploitation of public-facing apps (T1190) and arbitrary Python code execution (T1059.006).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and patching of the deserialization flaw in Kedro ShelveStore (version 0.19.8), directly preventing RCE exploitation as per the provided mitigation commit.
Enforces approved access authorizations to shelve files, preventing attackers from writing malicious payloads required for deserialization-based RCE.
Validates session data inputs prior to serialization into shelve files, mitigating injection of malicious deserialization payloads but not fully addressing unsafe pickle deserialization.