Lucene search
GoogleOSV:GHSA-47FC-VMWQ-366VHistoryNov 26, 2022 - 3:30 a.m.
PyTorch vulnerable to arbitrary code execution
2022-11-2603:30:27
Google
osv.dev
21
0.002 Low
EPSS
Percentile
60.8%
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. The fix for this issue is available in version 1.13.1. There is a release checker in issue #89855.
References
github.com/pytorch/pytorch
github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
github.com/pytorch/pytorch/issues/88868
github.com/pytorch/pytorch/issues/89855
github.com/pytorch/pytorch/pull/89189
github.com/pytorch/pytorch/releases/tag/v1.13.1
nvd.nist.gov/vuln/detail/CVE-2022-45907
Related
cvelist
cvelist
CVE-2022-45907
2022-11-26 00:00:00
ibm
ibm
Security Bulletin: PyTorch vulnerability affects IBM Watson Machine Learning in Cloud Pak for Data [CVE-2022-45907]
2024-01-03 07:16:03
veracode
veracode
Arbitrary Code Execution
2022-12-05 05:12:43
ubuntucve
ubuntucve
CVE-2022-45907
2022-11-26 00:00:00
github
github
PyTorch vulnerable to arbitrary code execution
2022-11-26 03:30:27
debiancve
debiancve
CVE-2022-45907
2022-11-26 02:15:00
osv
osv
PYSEC-2022-43015
2022-11-26 02:15:00
BIT-pytorch-2022-45907
2024-03-06 11:02:51
CVE-2022-45907
2022-11-26 02:15:10
prion
prion
Code injection
2022-11-26 02:15:00
cve
cve
CVE-2022-45907
2022-11-26 02:15:00