Skip to content

Known vulnerability in LightGBM (CVE-2024-43598) #7430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
andreak-sdl opened this issue Mar 27, 2025 · 2 comments
Closed

Known vulnerability in LightGBM (CVE-2024-43598) #7430

andreak-sdl opened this issue Mar 27, 2025 · 2 comments
Assignees
@michaelgsharp
Labels
blocking Marks issues that we want to fast track in order to unblock other important work
Milestone
ML.NET 5.0

Comments

@andreak-sdl
Copy link

There is a known vulnerability in LightGBM <= 4.5.0 (see microsoft/LightGBM#6750), which is fixed with version 4.6.0. As it seems that the current version of Microsoft.ML.LightGbm is not compatible with newer versions of LightGBM (see #7320), it would be good to handle this ticket with high priority.
@dotnet-policy-service dotnet-policy-service bot added the untriaged New issue has not been triaged label Mar 27, 2025
@ericstj ericstj added blocking Marks issues that we want to fast track in order to unblock other important work and removed untriaged New issue has not been triaged labels Mar 31, 2025
@ericstj ericstj added this to the ML.NET 5.0 milestone Mar 31, 2025
@ericstj
Copy link
Member

ericstj commented Mar 31, 2025

@michaelgsharp - can you see about updating LightGBM and understanding what we might need to change to be compatible with the latest version?

@ericstj
Copy link
Member

ericstj commented Mar 31, 2025

Actually resolving this one as a duplicate of #7320

@ericstj ericstj closed this as completed Mar 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelgsharp michaelgsharp

Labels
blocking Marks issues that we want to fast track in order to unblock other important work
Projects
None yet
Milestone
ML.NET 5.0
Development

No branches or pull requests
3 participants
@ericstj @michaelgsharp @andreak-sdl