Moderate severity · NVD Advisory · Published Mar 20, 2024 · Updated Aug 2, 2024
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
CVE-2024-29032
Description
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| qiskit-ibm-runtime (PyPI) | >= 0.1.0, < 0.21.2 | 0.21.2 |
Affected products
- Qiskit/qiskit-ibm-runtime (v5), Range: >= 0.1.0, < 0.21.2
References
- github.com/advisories/GHSA-x4x5-jv3x-9c7m (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-29032 (ghsa, ADVISORY)
- github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskit_ibm_runtime/utils/json.py (ghsa, x_refsource_MISC, WEB)
- github.com/Qiskit/qiskit-ibm-runtime/commit/b78fca114133051805d00043a404b25a33835f4d (ghsa, x_refsource_MISC, WEB)
- github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m (ghsa, x_refsource_CONFIRM, WEB)