Lucene search

GoogleOSV:CVE-2023-52310

HistoryJan 03, 2024 - 9:15 a.m.

CVE-2023-52310

2024-01-0309:15:10

Google

osv.dev

paddlepaddle

command injection

vulnerability

operating system

execute commands

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.

CPENameOperatorVersion
paddleeq2.6.0-bak0
paddleeq0.15.0-rc0
paddleeq0.10.0rc4
paddleeq0.10.0
paddleeq0.10.0rc
paddleeq0.9.0a0
paddleeq0.11.1a2
paddleeq0.12.0
paddleeqV0.8.0b0
paddleeq0.11.0

Name	Operator	Version
paddle	eq	2.6.0-bak0
paddle	eq	0.15.0-rc0
paddle	eq	0.10.0rc4
paddle	eq	0.10.0
paddle	eq	0.10.0rc
paddle	eq	0.9.0a0
paddle	eq	0.11.1a2
paddle	eq	0.12.0
paddle	eq	V0.8.0b0
paddle	eq	0.11.0

Rows per page:

1-10 of 131

References

github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for OSV:CVE-2023-52310