EUVD-2024-24956

Malicious code in bioql PyPI...

Local Code Execution (LCE)

XPixelGroup BasicSR is vulnerable to local code execution. The vulnerability is due to improper handling of a crafted SLURMNODELIST environment variable when executing "scontrol show hostname", allowing crafted input to influence command execution...

CVE-2024-27763

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

codeformer-perceptor (>=0.1.0 <=0.1.2), controlnet-hinter (>=0.0.3 <=0.0.5) +18 more potentially affected by CVE-2024-27763 via basicsr (>=1.3.4.9 <=1.4.2)

basicsr PYPI version =1.3.4.9, =0.1.0, =0.0.3, =1.0.2, =0.1.0, =2.2.4.5, =0.3.3, =0.0.1, =0.1.0, =0.2.2.3, =0.2.5.0 and more Source cves: CVE-2024-27763 Source advisory: OSV:GHSA-86W8-VHW6-Q9QQ...

codeformer-perceptor (>=0.1.0 <=0.1.2), controlnet-hinter (>=0.0.3 <=0.0.5) +18 more potentially affected by CVE-2024-27763 via basicsr (>=1.3.4.9 <=1.4.2)

basicsr PYPI version =1.3.4.9, =0.1.0, =0.0.3, =1.0.2, =0.1.0, =2.2.4.5, =0.3.3, =0.0.1, =0.1.0, =0.2.2.3, =0.2.5.0 and more Source cves: CVE-2024-27763 Source advisory: SNYK:PYTHON-BASICSR-9459848...

GHSA-86W8-VHW6-Q9QQ XPixelGroup BasicSR Command Injection

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

Arbitrary Command Injection

Overview basicsr is an Open Source Image and Video Super-Resolution Toolbox Affected versions of this package are vulnerable to Arbitrary Command Injection through the execution of scontrol show hostname in an environment where the SLURMNODELIST variable is manipulated. Remediation There is no...

XPixelGroup BasicSR Command Injection

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

CVE-2024-27763

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

BasicSR 安全漏洞

BasicSR is an open source image and video recovery toolkit from XPixelGroup Open Source. A security vulnerability exists in XPixelGroup BasicSR 1.4.2 and earlier versions that stems from a vulnerability that could allow native code execution under certain circumstances...

CVE-2024-27763

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

CVE-2024-27763

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

CVE-2024-27763

CVE-2024-27763 affects XPixelGroup BasicSR up to version 1.4.2. The issue arises from how a crafted SLURM_NODELIST input is handled when running scontrol show hostname, which can locally allow code execution. The CVSS vector indicates a Local attack with Low privileges required and no user intera...