Lucene search
HistoryJan 03, 2024 - 9:15 a.m.
CVE-2023-52314
paddlepaddle
command injection
vulnerability
convert_shape_compare
arbitrary commands
operating system
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.9
Confidence
High
EPSS
0.001
Percentile
29.6%
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
Affected configurations
Node
paddlepaddlepaddlepaddleRange<2.6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| paddlepaddle | paddlepaddle | * | cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:* |
Related
prion
prion
Command injection
2024-01-03 09:15:00
osv
osv
PaddlePaddle command injection in convert_shape_compare
2024-01-03 09:30:33
CVE-2023-52314
2024-01-03 09:15:11
github
github
PaddlePaddle command injection in convert_shape_compare
2024-01-03 09:30:33
cvelist
cvelist
CVE-2023-52314 Command injection in convert_shape_compare
2024-01-03 08:15:52
cve
cve
CVE-2023-52314
2024-01-03 09:15:11
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.9
Confidence
High
EPSS
0.001
Percentile
29.6%
Related for NVD:CVE-2023-52314