Command Injection

PaddlePaddle is vulnerable to Command Injection. The vulnerability is caused due to improper command validation within the wgetdownload' method. The attacker can execute arbitrary commands on the operating system...

PaddlePaddle command injection in _wget_download

PaddlePaddle before 2.6.0 has a command injection in wgetdownload. This resulted in the ability to execute arbitrary commands on the operating system...

GHSA-RF7P-79XQ-8XWM PaddlePaddle command injection in _wget_download

PaddlePaddle before 2.6.0 has a command injection in wgetdownload. This resulted in the ability to execute arbitrary commands on the operating system...

CVE-2023-52311

PaddlePaddle before 2.6.0 has a command injection in wgetdownload. This resulted in the ability to execute arbitrary commands on the operating system...

CVE-2023-52311

PaddlePaddle before 2.6.0 has a command injection in wgetdownload. This resulted in the ability to execute arbitrary commands on the operating system...

CVE-2023-52311

CVE-2023-52311 affects PaddlePaddle prior to 2.6.0. The flaw is a command injection in the internal _wget_download function, enabling execution of arbitrary OS commands. The issue is network-exposed and yields high impact (confidentiality, integrity, and availability). Multiple external sources (...

CVE-2023-52311 Command injection in _wget_download

PaddlePaddle before 2.6.0 has a command injection in wgetdownload. This resulted in the ability to execute arbitrary commands on the operating system...