6 matches found
CVE-2024-0817
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0...
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-0817 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-08...
CVE-2024-0817
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0...
CVE-2024-0817
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0...
CVE-2024-0817
CVE-2024-0817 concerns PaddlePaddle 2.6.0's IrGraph.draw. Connected sources provide a concrete technical detail: the vulnerability arises from lack of proper input validation on user-supplied data (save_path and name parameters), which are directly incorporated into a subprocess call, enabling co...
CVE-2024-0817
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0...