While working on the sam-3d-objects project, I performed a dependency security scan using a vulnerability scanning tool and identified a critical vulnerability in the SageMaker Python SDK. The issue affects versions prior to 3.4.0 and is related to the search_hub() function, which internally uses the eval() function to process certain inputs. Because the input is not properly sanitized or validated, an attacker could manipulate query parameters to inject malicious code.
CVE Report
CVE Link
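One way to check a requirements file against the 3.4.0 threshold named in the report, as an added example that is not part of the original report or of either project's code. It assumes the PyPI package name `sagemaker` and uses simplified version parsing (no epochs); the `audit` and `is_affected` helpers and the sample file are constructed for illustration.

```python
import re

FIXED = (3, 4, 0)  # first fixed release according to the report above
# "sagemaker" (not sagemaker-core etc.), optional extras, then the specifier text.
REQ = re.compile(r"^\s*sagemaker(?![\w.-])(?:\[[^\]]*\])?\s*([^#;]*)", re.I)
CLAUSE = re.compile(r"(===|==|>=|~=)\s*([\w.+-]+)")  # operators that set a floor
PRE = re.compile(r"[-_.]?(a|b|rc|dev|alpha|beta)", re.I)

def is_affected(version):
    """True if `version` sorts before FIXED (pre-releases of FIXED included)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))
    return nums < FIXED or (nums == FIXED and bool(PRE.match(m.group(2))))

def audit(requirements_text):
    """Return (line_no, status, specifier) for each risky sagemaker line."""
    findings = []
    for n, line in enumerate(requirements_text.splitlines(), 1):
        m = REQ.match(line)
        if not m:
            continue
        spec = m.group(1).strip()
        clauses = CLAUSE.findall(spec)
        # All clauses must hold, so one floor at or above FIXED makes the line safe.
        if any(not is_affected(v) for _, v in clauses):
            continue
        pinned = any(op in ("==", "===") for op, _ in clauses)
        findings.append((n, "affected" if pinned else "may-resolve-affected", spec))
    return findings

# Constructed sample input, not taken from the sam-3d-objects repository.
SAMPLE = """\
# constructed sample requirements file
torch==2.3.0
sagemaker==2.232.1
sagemaker[local]>=2.200
sagemaker-core==1.0.0
sagemaker>=3.4.0
sagemaker
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A line reported as `may-resolve-affected` has no floor at or above 3.4.0, so the resolver is free to install an affected release.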