8 matches found
CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...
Linux Distros Unpatched Vulnerability : CVE-2022-45907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely. CVE-2022-45907 Note that...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in PyTorch [CVE-2022-45907]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in PyTorch, a flaw in the orch.jit.annotations.parsetypeline function. CVE-2022-45907. PyTorch is included as part of our speech service runtimes. This vulnerabilitiy has been...
Security Bulletin: PyTorch is vulnerable to CVE-2022-45907 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses PyTorch which is vulnerable to CVE-2022-21271. Vulnerability Details CVEID:CVE-2022-45907 DESCRIPTION: PyTorch could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Angular is part of the .NET RHEL infrastructure CVE-2021-4231. Apache UIMA is used by IBM Robotic Process Automation as part of Watson NLP CVE-2022-32287. SnakeYaml is used by IBM Robotic Process...
3d-rcnet (>=0.1.0 <=0.2.3), 4996 (>=0.1.0 <=0.1.1) +602 more potentially affected by CVE-2022-45907 via torch (>=1.0.0 <=1.13.0)
torch PYPI version =1.0.0, =0.1.0, =0.1.0, =0.3.6, =0.4.0, =0.0.1, =1.0.0, =0.0.1, =0.7.0, =0.1.0, =0.0.9, =1.0.0, =1.1.0 and more Source cves: CVE-2022-45907 Source advisory: OSV:PYSEC-2022-43015...
CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...
CVE-2022-45907
CVE-2022-45907 is a PyTorch vulnerability where torch.jit.annotations.parse_type_line uses eval unsafely, enabling arbitrary code execution. Documented impact is high (CRITICAL, CVSS 3.1/3.0 vectors with 9.8 base score). Affected IBM products include Watson Studio for Cloud Pak for Data (versions...