A critical vulnerability, CVE-2024-9701, has been identified in the Kedro ShelveStore class (version 0.19.8), a component of the Kedro framework used for managing session data. This vulnerability allows attackers to execute arbitrary Python code through the deserialization of malicious payloads, potentially leading to a full system compromise. With a CVSS score of 9.8 (CRITICAL), this issue demands immediate attention from organizations leveraging Kedro for data pipeline management.
The vulnerability stems from the use of Python’s shelve module, which relies on the pickle library for serialization. Attackers can craft malicious payloads and store them in a shelve file, which, when deserialized, executes the embedded code. This flaw poses a significant risk to systems running vulnerable versions of Kedro, particularly those handling sensitive data or operating in production environments.
TL;DR
- CVE-2024-9701: A critical Remote Code Execution (RCE) vulnerability in Kedro’s ShelveStore class (version 0.19.8).
- Severity: 9.8 (CRITICAL) on the CVSS scale.
- Impact: Attackers can execute arbitrary Python code via deserialization of malicious payloads, potentially leading to full system compromise.
- Affected Version: Kedro 0.19.8.
- Red-Team Relevance: Exploitable for privilege escalation, lateral movement, and system compromise in engagements.
- C-Suite Summary: A critical vulnerability in Kedro’s data storage mechanism could allow attackers to execute malicious code, posing significant risks to data integrity and system security.
C-Suite Summary
For senior executives, the key takeaway is that CVE-2024-9701 represents a critical security risk to organizations using Kedro for data pipeline management. The vulnerability allows attackers to execute arbitrary code on affected systems, potentially leading to data breaches, system compromise, and operational disruptions. Immediate action is required to patch or mitigate the vulnerability, including:
- Upgrading to a patched version of Kedro (if available).
- Implementing strict access controls to limit who can create or modify shelve files.
- Monitoring for unusual activity or unauthorized access to shelve files.
This vulnerability underscores the importance of proactive vulnerability management and the need for robust security practices in data pipeline management.
Technical Details
The ShelveStore class in Kedro is designed to manage session data using Python’s shelve module, which in turn relies on pickle for serialization. The pickle module is known for its security risks, as it can execute arbitrary code during deserialization if the input is not trusted. In this case, an attacker can exploit this behavior by crafting a malicious payload and storing it in a shelve file. When the file is deserialized, the payload executes, allowing the attacker to run arbitrary Python code on the target system [1][2].
The vulnerability is particularly dangerous because it does not require user interaction or elevated privileges to exploit. An attacker with access to the shelve file, whether through a compromised system or a malicious upload, can trigger the exploit, leading to potential remote code execution (RCE) and full system compromise [3].
Red-Team Relevance
For red-teamers, CVE-2024-9701 presents a valuable opportunity for privilege escalation, lateral movement, and system compromise during engagements. Here’s how this vulnerability can be weaponized:
- Initial Access: Exploit the vulnerability to gain a foothold in a target environment by uploading a malicious shelve file to a vulnerable Kedro instance.
- Privilege Escalation: Execute arbitrary Python code to elevate privileges and gain administrative access to the system.
- Lateral Movement: Use the compromised system as a pivot point to move laterally across the network, targeting other vulnerable instances or systems.
- Persistence: Embed malicious code in shelve files to maintain persistence within the target environment, ensuring continued access even after initial exploitation.
This vulnerability is particularly useful in environments where Kedro is used for data pipeline management, as it often involves access to sensitive data and critical systems.
Mitigation and Recommendations
To mitigate the risks associated with CVE-2024-9701, organizations should:
- Upgrade Kedro: Check for updates from the Kedro development team and upgrade to a patched version as soon as it becomes available.
- Restrict Access: Limit access to shelve files to trusted users and systems.
- Monitor Activity: Implement logging and monitoring to detect unauthorized access or modifications to shelve files.
- Use Alternative Storage: Consider using alternative storage mechanisms that do not rely on pickle for serialization.
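A check that supports the Monitor Activity recommendation, added here as an example (it is not Kedro code and not part of the original article): it lists the classes and functions each raw shelve value would import, using pickletools so that nothing is deserialized. The function names, the empty default allowlist and the sample entries are assumptions constructed for illustration.

```python
import dbm
import pickletools
import shelve
from collections import OrderedDict

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

def referenced_globals(blob):
    """Return the (module, name) pairs a pickle stream would import, without loading it."""
    found, strings = set(), []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):        # protocols 0-3: arg is "module name"
            module, _, name = arg.partition(" ")
            found.add((module, name))
        elif op.name == "STACK_GLOBAL":            # protocol 4+: names come from the stack
            # Heuristic: take the two most recent string pushes; "?" if not resolvable.
            found.add(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
    return found

def scan_shelve(path, allowed=frozenset()):
    """Map each shelve key to the non-allowlisted globals its raw value references."""
    findings = {}
    with dbm.open(path, "r") as db:                # raw bytes only; nothing is unpickled
        for key in db.keys():
            try:
                bad = referenced_globals(db[key]) - allowed
            except Exception:                      # truncated or malformed stream
                bad = {("<unparseable>", "")}
            if bad:
                findings[key.decode("utf-8", "replace")] = bad
    return findings

def build_sample(path):
    """Constructed sample data: one plain-data entry and one that references a class."""
    with shelve.open(path) as store:
        store["session_ok"] = {"user": "alice", "runs": 3, "tags": ["nightly"]}
        store["session_odd"] = OrderedDict(a=1)    # benign, but imports collections.OrderedDict

if __name__ == "__main__":
    import os, tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sessions")
        build_sample(sample)
        for key, refs in scan_shelve(sample).items():
            print(f"REVIEW {key}: references {sorted(refs)}")
```

A flagged key means the entry needs review before anything loads it; the STACK_GLOBAL resolution is a heuristic, so treat the output as triage rather than a safe-to-load verdict.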
Conclusion
CVE-2024-9701 is a critical vulnerability that highlights the risks associated with using insecure serialization mechanisms like pickle. Organizations using Kedro must take immediate action to mitigate the risks and protect their systems from potential exploitation. For red-teamers, this vulnerability offers a powerful tool for offensive engagements, making it a valuable addition to their arsenal.