CVE-2024-52524: Giskard: ReDoS in text perturbation causes DoS

GHSA-pjwm-cr36-mwv3 MEDIUM
Published November 14, 2024
CISO Take

Teams using Giskard for AI model evaluation must upgrade to 2.15.5 immediately. An attacker who can influence datasets processed by Giskard can halt evaluation pipelines, potentially allowing unvalidated models to bypass security gates. No effective workaround exists short of patching.

Risk Assessment

Medium practical risk. EPSS of 1.47% and absence from CISA KEV indicate no active exploitation. Blast radius is limited to AI testing and validation workflows, not production models directly. However, organizations with externally influenced data pipelines feeding Giskard evaluations, or shared multi-tenant Giskard instances, face elevated exposure. The real danger is indirect: a crashed or timed-out evaluation job could be bypassed, allowing an unsafe model to pass a CI/CD gate unchecked.

Affected Systems

| Package | Ecosystem | Vulnerable Range | Patched |
| --- | --- | --- | --- |
| giskard | pip | <= 2.15.4 | 2.15.5 |

Do you use giskard? You're affected.

Severity & Risk

CVSS 3.1: N/A
EPSS: 2.0% chance of exploitation in 30 days (higher than 84% of all CVEs)
Exploitation Status: No known exploitation
Sophistication: Trivial

Recommended Action

  1. Upgrade Giskard to version 2.15.5 or later; this is the only complete fix.

  2. If immediate patching is blocked, sanitize input datasets to strip complex nested URL-like strings before Giskard ingestion.

  3. Implement hard timeouts on Giskard evaluation jobs and treat timeouts as failures, not bypasses.

  4. Restrict who can submit datasets to Giskard instances, especially in shared or CI/CD-integrated deployments.

  5. Audit pipeline configurations to ensure a crashed Giskard job cannot silently pass a model to production.
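
A fail-closed gate for steps 3 and 5, as an added example (not Giskard's code and not from the advisory): the evaluation runs in a child process with a hard deadline, and a timeout, crash or missing result all count as failure. The `EVAL_OK` marker, the function names and the stand-in jobs are assumptions made for illustration.

```python
import subprocess
import sys

PASS, FAIL = "pass", "fail"
DONE_MARKER = "EVAL_OK"  # assumed marker the evaluation job prints on completion


def run_evaluation_gate(cmd, timeout_s):
    """Run an evaluation job in a child process and return (verdict, reason).

    Fail closed: the gate passes only when the job exits 0 within the
    deadline AND prints the completion marker.
    """
    try:
        # On timeout, subprocess.run kills the child before raising.
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return FAIL, f"timed out after {timeout_s}s"
    except OSError as exc:
        return FAIL, f"could not start job: {exc}"
    if proc.returncode != 0:
        return FAIL, f"job exited with code {proc.returncode}"
    if DONE_MARKER not in proc.stdout:
        return FAIL, "job exited 0 without reporting completion"
    return PASS, "evaluation completed"


# Constructed stand-in jobs; a real pipeline would launch its Giskard scan here.
SAMPLE_JOBS = {
    "completed": [sys.executable, "-c", f"print('{DONE_MARKER}')"],
    "stalled": [sys.executable, "-c", "while True: pass"],  # CPU-bound hang
    "crashed": [sys.executable, "-c", "import sys; sys.exit(3)"],
    "silent": [sys.executable, "-c", "pass"],  # exit 0, no result
}


def demo(timeout_s=5):
    """Return {job name: verdict} for the constructed jobs above."""
    return {name: run_evaluation_gate(cmd, timeout_s)[0]
            for name, cmd in SAMPLE_JOBS.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
    # A deploy step should run only when every required gate returned PASS.
```

Running the job in its own process lets the deadline be enforced from outside, so a scan stuck in regex backtracking is killed and recorded as a failed gate rather than skipped.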

CISA SSVC Assessment

Decision: Track
Exploitation: none
Automatable: Yes
Technical Impact: partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act: Article 15 - Accuracy, robustness and cybersecurity
ISO 42001: A.6.2 - AI risk treatment
NIST AI RMF: MANAGE 2.2 - AI Risk Response
OWASP LLM Top 10: LLM04 - Model Denial of Service

Frequently Asked Questions

What is CVE-2024-52524?

Teams using Giskard for AI model evaluation must upgrade to 2.15.5 immediately. An attacker who can influence datasets processed by Giskard can halt evaluation pipelines, potentially allowing unvalidated models to bypass security gates. No effective workaround exists short of patching.

Is CVE-2024-52524 actively exploited?

No confirmed active exploitation of CVE-2024-52524 has been reported, but organizations should still patch proactively.

How to fix CVE-2024-52524?

  1. Upgrade Giskard to version 2.15.5 or later; this is the only complete fix.

  2. If immediate patching is blocked, sanitize input datasets to strip complex nested URL-like strings before Giskard ingestion.

  3. Implement hard timeouts on Giskard evaluation jobs and treat timeouts as failures, not bypasses.

  4. Restrict who can submit datasets to Giskard instances, especially in shared or CI/CD-integrated deployments.

  5. Audit pipeline configurations to ensure a crashed Giskard job cannot silently pass a model to production.

What systems are affected by CVE-2024-52524?

This vulnerability affects the following AI/ML architecture patterns: ML testing pipelines, model evaluation pipelines, AI model validation systems, ML CI/CD pipelines.

What is the CVSS score for CVE-2024-52524?

No CVSS score has been assigned yet.

Technical Details

NVD Description

# ReDoS in Giskard text perturbation detector

A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the [GitHub Security Lab](https://securitylab.github.com) team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service.

## Details

The vulnerability affects Giskard's punctuation removal transformation used in the text perturbation detection. A regex used to detect URLs and links was vulnerable to catastrophic backtracking that could be triggered by specific patterns in the text.

## Affected version

Giskard versions prior to 2.15.5 are affected. Users should upgrade to version 2.15.5 or later, which includes a fix for this vulnerability.

## Impact

This vulnerability can cause extended computation times or crashes in Giskard when processing text containing certain patterns.

## Credit

This issue was discovered and reported by GHSL team member [@kevinbackhouse (Kevin Backhouse)](https://github.com/kevinbackhouse).

Exploitation Scenario

An adversary with write access to a dataset ingested by Giskard — via poisoned training data, a compromised data lake, or a malicious CI/CD artifact — injects text strings with pathological URL-like patterns designed to trigger catastrophic backtracking in the regex engine. When Giskard runs its text perturbation detector, the evaluation job enters a near-infinite CPU loop. In a CI/CD pipeline, this either crashes the validation stage or triggers a timeout. If the pipeline treats timeouts as non-blocking, the model proceeds to production without completing its safety evaluation — achieving model deployment bypass as a secondary impact beyond simple DoS.

Timeline

Published: November 14, 2024
Last Modified: November 14, 2024
First Seen: March 24, 2026
