1102 matches found

The Hacker News
added 2023/01/02 2:27 p.m. · 22 views

PyTorch Machine Learning Framework Compromised with Malicious Dependency

The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack. "PyTorch-nightly Linux packages installed via pip...

7 AI score
Exploits: 0

OSV
added 2022/11/26 3:30 a.m. · 1 view

GHSA-47FC-VMWQ-366V PyTorch vulnerable to arbitrary code execution

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. The fix for this issue is available in version 1.13.1. There is a release checker in issue 89855...

9.8 CVSS · 7.3 AI score · 0.00829 EPSS
Exploits: 1 · References: 8

GitHub Security Blog
added 2022/11/26 3:30 a.m. · 65 views

PyTorch vulnerable to arbitrary code execution

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. The fix for this issue is available in version 1.13.1. There is a release checker in issue 89855...

9.8 CVSS · 9.2 AI score · 0.00829 EPSS
Exploits: 1 · References: 8 · Affected Software: 1

NVD
added 2022/11/26 2:15 a.m. · 29 views

CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.8 CVSS · 0.00829 EPSS
Exploits: 1 · References: 2

OSV
added 2022/11/26 2:15 a.m. · 31 views

CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.8 CVSS · 9.7 AI score
Exploits: 0 · References: 2

OSV
added 2022/11/26 2:15 a.m. · 1 view

DEBIAN-CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.8 CVSS · 7.7 AI score · 0.00829 EPSS
Exploits: 1 · References: 1

UbuntuCve
added 2022/11/26 2:15 a.m. · 40 views

CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.8 CVSS · 7.3 AI score · 0.00829 EPSS
Exploits: 1 · References: 3

Prion
added 2022/11/26 2:15 a.m. · 36 views

Code injection

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

7.5 CVSS · 9.7 AI score · 0.00829 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2022/11/26 2:15 a.m. · 0 views

UBUNTU-CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.8 CVSS · 7.2 AI score · 0.00829 EPSS
Exploits: 1 · References: 4

OSV
added 2022/11/26 2:15 a.m. · 1 view

PYSEC-2022-43015

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.8 CVSS · 6.4 AI score · 0.00829 EPSS
Exploits: 1 · References: 2

PyPA
added 2022/11/26 2:15 a.m. · 4 views

PYSEC-2022-43015

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.8 CVSS · 8 AI score · 0.00829 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2022/11/26 12:0 a.m. · 109 views

CVE-2022-45907

CVE-2022-45907 is a PyTorch vulnerability where torch.jit.annotations.parse_type_line uses eval unsafely, enabling arbitrary code execution. Documented impact is high (CRITICAL, CVSS 3.1/3.0 vectors with 9.8 base score). Affected IBM products include Watson Studio for Cloud Pak for Data (versions...

9.8 CVSS · 9.6 AI score · 0.00829 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/11/26 12:0 a.m. · 28 views

CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.9 AI score · 0.00829 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2022/11/26 12:0 a.m. · 6 views

CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

8 AI score · 0.00829 EPSS
Exploits: 1 · References: 2

CNNVD
added 2022/11/26 12:0 a.m. · 1 view

PyTorch code injection vulnerability

PyTorch is a Python package in the PyTorch open source. A code injection vulnerability exists in versions prior to PyTorch trunk/89695 that stems from an unsafe use of eval in its torch.jit.annotations.parse_type_line component leading to arbitrary code execution...

9.8 CVSS · 7.5 AI score · 0.00829 EPSS
Exploits: 1 · References: 3

Debian CVE
added 2022/11/26 12:0 a.m. · 22 views

CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

9.8 CVSS · 7.6 AI score · 0.00829 EPSS
Exploits: 1

Positive Technologies
added 2022/11/11 12:0 a.m. · 1 view

PT-2022-7517 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 1.13.1. Description: The issue is related to the incorrect management of code generation in the torch.jit.annotations.parse_type_line function of the PyTorch machine learning framework. This can allow a remote attacke...

10 CVSS · 7.4 AI score · 0.00829 EPSS
Exploits: 1 · References: 23

OSV
added 2022/09/22 3:15 p.m. · 2 views

AZL-35147 CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of...

7.5 CVSS · 6.9 AI score · 0.00171 EPSS
Exploits: 0 · References: 1

CNNVD
added 2022/07/22 12:0 a.m. · 2 views

SCU-Captcha security vulnerability

SCU-Captcha is the SCU JWC CAPTCHA recognition model, based on Pytorch, which has been released on PYPI. A security vulnerability exists in SCU-Captcha that stems from the presence of a code execution backdoor inserted by a third party...

9.8 CVSS · 8.6 AI score · 0.00476 EPSS
Exploits: 1 · References: 4

Huntr
added 2022/06/04 11:47 a.m. · 23 views

Contextual Code Execution

Description The main function uses the eval function which can lead to contextual code execution, allowing an attacker to gain access to a system and execute commands with the privileges of the running program by setting NUITKAPYTHONPATH, NUITKANAMESPACES or NUITKAPTHIMPORTED to a malicious paylo...

7.2 CVSS · 3.6 AI score · 0.00272 EPSS
Exploits: 2 · References: 1