13 matches found
EUVD-2021-0247
Malware in sbrugna...
CVE-2021-43811
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
GHSA-GGMR-44CV-24PM Code injection via unsafe YAML loading
Impact Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to...
Code injection via unsafe YAML loading
Impact Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to...
CVE-2021-43811
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
CVE-2021-43811
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
PYSEC-2021-848
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
Code injection
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
PYSEC-2021-848
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
CVE-2021-43811
Sockeye (PyTorch-based) vulnerable to code execution via unsafe YAML loading in model/data config files when using versions below 2.3.24; an attacker can inject malicious config, which executes locally when a user runs the model. The issue is fixed in 2.3.24. Practical impact is limited to users ...
CVE-2021-43811 Code injection via unsafe YAML loading
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
PT-2021-23951 · Sockeye · Sockeye
Name of the Vulnerable Software and Affected Versions: Sockeye versions prior to 2.3.24 Description: Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. It uses YAML to store model and data configurations on disk. The issue arises from unsafe...
Sockeye 代码注入漏洞
Sockeye is an open source sequence-to-sequence framework for neural machine translation based on PyTorch. Sockeye suffers from a code injection vulnerability that stems from Sockeye's use of YAML to store model and data configurations on disk.Versions of Sockeye up to 2.3.24 are loaded using...