22 matches found
geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)
torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: OSV:GHSA-GHQ9-VC6F-8QJF...
EUVD-2024-0217
TorchGeo Remote Code Execution Vulnerability...
TorchGeo Remote Code Execution Vulnerability
Impact TorchGeo 0.4–0.6.0 used an eval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose torchgeo.models.getweight or torchgeo.trainers as an external API could be affected. Patches The eval statement wa...
GHSA-GHQ9-VC6F-8QJF TorchGeo Remote Code Execution Vulnerability
Impact TorchGeo 0.4–0.6.0 used an eval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose torchgeo.models.getweight or torchgeo.trainers as an external API could be affected. Patches The eval statement wa...
TorchGeo Remote Code Execution Vulnerability
Impact TorchGeo 0.4–0.6.0 used an ""eval"" https://docs.python.org/3/library/functions.htmleval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose ""torchgeo.models.getweight""...
torchgeo Python Library < 0.6.1 RCE
The version of the torchgeo Python library installed on the remote host is prior to 0.6.1. It is, therefore, affected by a remote code execution vulnerability. The usage of 'eval' in torchgeo's 'getweight' API function could allow an unauthenticated, remote attacker to execute arbitrary commands...
Arbitrary Code Injection
Overview torchgeo is a TorchGeo: datasets, samplers, transforms, and pre-trained models for geospatial data Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of specific data inputs. An attacker can execute arbitrary code on the system. Remediation...
geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)
torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: SNYK:PYTHON-TORCHGEO-8370211...
Duplicate Advisory: TorchGeo Remote Code Execution Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ghq9-vc6f-8qjf. This link is maintained to preserve external references. Original Description TorchGeo Remote Code Execution Vulnerability...
GHSA-G5VP-J278-8PJH Duplicate Advisory: TorchGeo Remote Code Execution Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ghq9-vc6f-8qjf. This link is maintained to preserve external references. Original Description TorchGeo Remote Code Execution Vulnerability...
geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)
torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: OSV:PYSEC-2024-204...
PYSEC-2024-204
TorchGeo Remote Code Execution Vulnerability...
PYSEC-2024-204
TorchGeo Remote Code Execution Vulnerability...
CVE-2024-49048
TorchGeo Remote Code Execution Vulnerability...
CVE-2024-49048
TorchGeo Remote Code Execution Vulnerability...
CVE-2024-49048 TorchGeo Remote Code Execution Vulnerability
...
CVE-2024-49048
CVE-2024-49048 affects the TorchGeo Python library: versions prior to 0.6.1 are vulnerable to remote code execution because the get_weight() API uses eval(), enabling an unauthenticated remote attacker to run arbitrary commands. The Nessus entry corroborates this RCE claim for
CVE-2024-49048 TorchGeo Remote Code Execution Vulnerability
...
TorchGeo Remote Code Execution Vulnerability
...
Microsoft TorchGeo 代码注入漏洞
Microsoft TorchGeo is a PyTorch domain library from Microsoft Corporation USA that provides datasets, samplers, transformations, and pre-trained models specific to geospatial data. Microsoft TorchGeo suffers from a code injection vulnerability. An attacker exploiting this vulnerability could...