17 matches found
CVE-2026-57516
Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...
CVE-2026-57516 Ray < 2.56.0 Unsafe Deserialization RCE via WebDataset Reader
Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...
CVE-2026-57516
Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...
EUVD-2026-41089
Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...
CVE-2026-57516
Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...
CVE-2025-23294
NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service...
EUVD-2025-24629
Malicious code in bioql PyPI...
NVIDIA WebDataset OS Command Injection Vulnerability
NVIDIA WebDataset is a high-performance data storage method from NVIDIA. NVIDIA WebDataset suffers from an operating system command injection vulnerability that can be exploited by an attacker to bypass the authentication process and take over the accounts of other web application users under...
CVE-2025-23294
NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service...
Command Injection
Overview webdataset is a High performance storage and I/O for deep learning and data processing. Affected versions of this package are vulnerable to Command Injection due to the user-supplied input handle. An attacker can execute arbitrary code with elevated permissions, potentially leading to...
aeiou (>=0.0.12 <=0.0.21), aistore (>=1.4.23 <=1.8.0) +200 more potentially affected by CVE-2025-23294 via webdataset (>=0.1.103 <=1.0.2)
webdataset PYPI version =0.1.103, =0.0.12, =1.4.23, =1.0.0, =0.0.1, =1.0.2.1, =1.0.0, =0.1.1a1, =0.1.0, =0.0.13, =1.0.3, =0.0.1.dev6, =0.4.0 and more Source cves: CVE-2025-23294 Source advisory: SNYK:PYTHON-WEBDATASET-12089391...
CVE-2025-23294
NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service...
CVE-2025-23294
NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service...
CVE-2025-23294
CVE-2025-23294 affects NVIDIA WebDataset across platforms. The issue enables an attacker to execute arbitrary code with elevated permissions, causing potential privilege escalation, data tampering, information disclosure, and denial of service . The attack vector is indicated as local with low co...
PT-2025-33025 · Nvidia · Nvidia Webdataset
Name of the Vulnerable Software and Affected Versions: NVIDIA WebDataset affected versions not specified Description: NVIDIA WebDataset contains an issue that may allow an attacker to execute arbitrary code with elevated permissions. A successful exploit could lead to escalation of privileges, da...
NVIDIA WebDataset 操作系统命令注入漏洞
NVIDIA WebDataset is a high-performance data storage method from NVIDIA. NVIDIA WebDataset suffers from an operating system command injection vulnerability that can be exploited by an attacker to bypass the authentication process and take over the accounts of other web application users under...
Security Bulletin: NVIDIA WebDataset - August 2025
NVIDIA has released a software update for NVIDIA WebDataset. To protect your system, install the software including the Github commit 9e95f50 of NVIDIA WebDataset. Go to NVIDIA Product Security...