{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9880", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "REJECTED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-10-11T18:22:53.185Z", "datePublished": "2025-03-20T10:09:04.353Z", "dateUpdated": "2025-03-26T17:02:39.383Z", "dateRejected": "2025-03-26T17:02:39.383Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-26T17:02:39.383Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9880", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "REJECTED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-10-11T18:22:53.185Z", "datePublished": "2025-03-20T10:09:04.353Z", "dateUpdated": "2025-03-26T17:02:39.383Z", "dateRejected": "2025-03-26T17:02:39.383Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-26T17:02:39.383Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "id": "CVE-2024-9880", "lastModified": "2025-03-26T17:15:25.453", "metrics": {}, "published": "2025-03-20T10:15:50.300", "references": [], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "pandas: Command Injection in pandas-dev/pandas", "id": "2353639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353639"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.4", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-94", "details": ["A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query. The issue arises from the improper validation of user-supplied input in the `query` function when using the 'python' engine, leading to potential remote command execution.", "A flaw was found in pandas. This vulnerability allows an attacker to execute arbitrary commands on the server via a crafted query in the pandas.DataFrame.query function when using the 'python' engine."], "name": "CVE-2024-9880", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "aap-metrics-utility", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/bootc-aws-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/bootc-azure-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/bootc-gcp-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-ibm-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/bootc-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/docling-serve-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/instructlab-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-api-server-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-driver-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-launcher-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-training-operator-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-trustyai-service-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2025-03-20T10:09:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-9880\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9880\nhttps://huntr.com/bounties/a49baae1-4652-4d6c-a179-313c21c41a8d"], "threat_severity": "Important"}