### [CVE-2024-9953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9953)

![](https://img.shields.io/static/v1?label=Product&message=VINCE%20-%20Vulnerability%20Information%20and%20Coordination%20Environment&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=*%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brightgreen)

### Description

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user's profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.

### POC

#### Reference

No PoCs from references.

#### Github

- https://github.com/famixcm/CVE-2024-9954
- https://github.com/zetraxz/CVE-2024-9954