CVE-2024-9701
Published: 20 March 2025
Summary
CVE-2024-9701 is a uncategorised-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is N/A.
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and patching of the deserialization flaw in Kedro ShelveStore (version 0.19.8), directly preventing RCE exploitation as per the provided mitigation commit.
Enforces approved access authorizations to shelve files, preventing attackers from writing malicious payloads required for deserialization-based RCE.
Validates session data inputs prior to serialization into shelve files, mitigating injection of malicious deserialization payloads but not fully addressing unsafe pickle deserialization.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
RCE via Python pickle deserialization in ShelveStore directly enables exploitation of public-facing apps (T1190) and arbitrary Python code execution (T1059.006).
NVD Description
A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore…
more
class uses Python's shelve module to manage session data, which relies on pickle for serialization. Crafting a malicious payload and storing it in the shelve file can lead to RCE when the payload is deserialized.
Deeper analysisAI
CVE-2024-9701 is a remote code execution (RCE) vulnerability in the Kedro ShelveStore class, specifically version 0.19.8. The flaw stems from the class's use of Python's shelve module, which relies on pickle for serialization and deserialization of session data. An attacker can craft a malicious payload that, when stored in the shelve file and subsequently deserialized, executes arbitrary Python code, as classified under CWE-502 (Deserialization of Untrusted Data).
The vulnerability can be exploited by any attacker with the ability to write a malicious payload to a shelve file used by a Kedro application employing the ShelveStore class. Upon deserialization of the payload during normal application operations, the attacker achieves RCE, potentially resulting in full system compromise depending on the application's privileges and environment.
Mitigation details are provided in the Kedro project's GitHub commit at https://github.com/kedro-org/kedro/commit/d79fa51de55ac0ccb58cce1a482df1b445f0fe7c, which addresses the issue, and further information including the bounty report is available at https://huntr.com/bounties/96c77fef-93b2-4d4d-8cbe-57a718d8eea5. Security practitioners should update to a patched version of Kedro beyond 0.19.8 and review applications using ShelveStore for exposure.
Details
- CWE(s)