This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Advisories
Source ID Title
EUVD EUVD-2025-7119 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GitHub GHSA GHSA-xqgj-r6xv-9cw4 Withdrawn Advisory: Dask Vulnerable to Command Injection
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 18 Jun 2025 16:00:00 +0000

Type Values Removed Values Added
Title github.com/dask/dask: Remote Unauthorized Pickle Deserialization Command Execution in dask/dask
Weaknesses CWE-77
References
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 26 Mar 2025 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
References
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 26 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Title Remote Unauthorized Pickle Deserialization Command Execution in dask/dask
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 26 Mar 2025 17:00:00 +0000

Type Values Removed Values Added
Description Dask versions <=2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allows attackers to craft malicious objects. These objects can be serialized on the client side and sent to the server for deserialization, leading to remote command execution and potentially granting full control over the Dask server. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Thu, 20 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 20 Mar 2025 10:15:00 +0000

Type Values Removed Values Added
Description Dask versions <=2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allows attackers to craft malicious objects. These objects can be serialized on the client side and sent to the server for deserialization, leading to remote command execution and potentially granting full control over the Dask server.
Title Remote Unauthorized Pickle Deserialization Command Execution in dask/dask
Weaknesses CWE-77
References
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: REJECTED

Assigner: @huntr_ai

Published:

Updated: 2025-03-26T16:41:42.163Z

Reserved: 2024-10-17T16:51:20.707Z

Link: CVE-2024-10096

Vulnrichment

Updated:

NVD

Status: Rejected

Published: 2025-03-20T10:15:14.613

Modified: 2025-03-26T17:15:23.943

Link: CVE-2024-10096

Red Hat

Severity:

Public Date: 2025-03-20T10:09:07Z

Links: CVE-2024-10096 - Bugzilla

OpenCVE Enrichment

No data.