Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2023/07/26 12:30 p.m.4 views

paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2023-38673 via paddlepaddle (=1.8.5)

paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves:...

9.8CVSS7.2AI score0.01997EPSS
Exploits1
NVD
NVD
added 2023/07/26 12:15 p.m.38 views

CVE-2023-38673

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

9.8CVSS9.9AI score0.01997EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2023/07/26 12:15 p.m.4 views

paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2023-38673 via paddlepaddle (=1.8.5)

paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves:...

9.8CVSS7.2AI score0.01997EPSS
Exploits1
Cvelist
Cvelist
added 2023/07/26 11:10 a.m.39 views

CVE-2023-38673 Command injection in fs.py

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

9.6CVSS10AI score0.01997EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/26 11:10 a.m.18 views

CVE-2023-38673 Command injection in fs.py

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

9.6CVSS8AI score0.01997EPSS
Exploits1References1
CVE
CVE
added 2023/07/26 11:10 a.m.156 views

CVE-2023-38673

CVE-2023-38673 affects PaddlePaddle prior to 2.5.0, with a command injection in fs.py that can lead to arbitrary OS command execution. Root cause: lack of input validation in the system call path. Impact metrics indicate critical risk (CVSS v3.1: 9.8/CRITICAL, network exposure, high CIA). Affecte...

9.8CVSS9.9AI score0.01997EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder