How severe is CVE-2024-5206?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-5206?

This is classified as CWE-921, which is a common weakness in software security.

CVE-2024-5206 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer.

Related Vulnerabilities

CVE-2023-41818

MEDIUM

CVSS:5.0(Medium)

An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs.

CWE-9212023

CVE-2025-24843

MEDIUM

CVSS:5.1(Medium)

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.

CWE-9212025

CVE-2025-24870

MEDIUM

CVSS:6.0(Medium)

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege esca...

CWE-9212025

CVE-2025-30016

CRITICAL

CVSS:9.8(Critical)

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there ...

CWE-9212025

CVE-2023-2665

HIGH

CVSS:7.5(High)

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.

CWE-9212023

CVE-2023-41965

HIGH

CVSS:7.5(High)

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.

CWE-9212023