7 matches found
CVE-2021-43811
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
CVE-2022-43811
To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...
CVE-2021-43811
creationtimestamp| type| source
---|---|---
2021-12-09 02:23:05+00:00| seen| https://t.me/cibsecurity/33667
2022-08-22 13:51:08+00:00| published-proof-of-concept| Telegram/P942jOdyqR7oFT29HyIsqSCa5ypLmatmlqAq5qduNAKCsA
2022-08-22 14:03:16+00:00| published-proof-of-concept|...
CVE-2021-43811
Sockeye (PyTorch-based) is vulnerable to code execution via unsafe YAML loading in model/data config files in versions below 2.3.24; an attacker can inject a malicious config, which executes locally when a user runs the model. The issue is fixed in 2.3.24. Practical impact is limited to users ...
CVE-2021-43811 Code injection via unsafe YAML loading
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
CVE-2024-43811
The CVE-2024-43811 entry is rejected/not used and does not represent an active vulnerability.
CVE-2022-43811
The CVE-2022-43811 entry is rejected and not used, per the initial description.