4 matches found
Contextual Code Execution
Description The main function uses the eval function which can lead to contextual code execution, allowing an attacker to gain access to a system and execute commands with the privileges of the running program by setting NUITKAPYTHONPATH, NUITKANAMESPACES or NUITKAPTHIMPORTED to a malicious paylo...
anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2022-0845 via pytorch-lightning (>=0.10.0 <=1.5.9)
pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2022-0845 Source advisory: OSV:GHSA-R5QJ-CVF9-P85H...
anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2022-0845 via pytorch-lightning (>=0.10.0 <=1.5.9)
pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2022-0845 Source advisory: OSV:PYSEC-2022-181...
CVE-2022-0845
CVE-2022-0845 affects PyTorch Lightning (repository pytorchlightning/pytorch-lightning) and is a Code Injection vulnerability present in releases prior to 1.6.0. Public descriptions indicate an injection path enabling code execution and, in some sources, exploitation of trainer configuration (e.g...