CVE-2024-10372 | chidiwilliams buzz 1.1.0 buzz/model_loader.py download_model temp file

CVE-2024-10372 | chidiwilliams buzz 1.1.0 buzz/model_loader.py download_model temp file

A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. This vulnerability was named CVE-2024-10372. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.