Command Injection

paddlepaddle is vulnerable to command injection. The vulnerability exists due to a lack of user input validation in the system parameter of fs.py which allows an attacker to inject arbitrary commands into the operating system...

GHSA-9Q9V-QGWX-84MR Command injection in PaddlePaddle

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

CVE-2023-38673

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

CVE-2023-38673

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

PYSEC-2023-126

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted inthe ability to execute arbitrary commands on the operating system...

Command injection

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

PYSEC-2023-126

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

CVE-2023-38673 Command injection in fs.py

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

CVE-2023-38673

CVE-2023-38673 affects PaddlePaddle prior to 2.5.0, with a command injection in fs.py that can lead to arbitrary OS command execution. Root cause: lack of input validation in the system call path. Impact metrics indicate critical risk (CVSS v3.1: 9.8/CRITICAL, network exposure, high CIA). Affecte...

CVE-2023-38673 Command injection in fs.py

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...

PaddlePaddle 操作系统命令注入漏洞

PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. A security vulnerability exists in PaddlePaddle versions prior to 2.5.0, which stems from a command injection vulnerability in PaddlePaddle's fs.py file...

PT-2023-26546 · Unknown · Paddlepaddle

Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.5.0 Description: The issue allows for command injection in the fs.py module, resulting in the ability to execute arbitrary commands on the operating system. Recommendations: For versions prior to 2.5.0, update...

Arbitrary File Write

MindsDB is vulnerable to Arbitrary File Write. The vulnerability exists due to an unsafe extraction process that utilizes the shutil.unpackarchive function in fs.py which allows an attacker to write arbitrary files outside the expected directory...