22 matches found
geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)
torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: OSV:GHSA-GHQ9-VC6F-8QJF...
EUVD-2024-0217
TorchGeo Remote Code Execution Vulnerability...
TorchGeo Remote Code Execution Vulnerability
Impact TorchGeo 0.4–0.6.0 used an eval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose torchgeo.models.get_weight or torchgeo.trainers as an external API could be affected. Patches The eval statement wa...
GHSA-GHQ9-VC6F-8QJF TorchGeo Remote Code Execution Vulnerability
Impact TorchGeo 0.4–0.6.0 used an eval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose torchgeo.models.get_weight or torchgeo.trainers as an external API could be affected. Patches The eval statement wa...
TorchGeo Remote Code Execution Vulnerability
Impact TorchGeo 0.4–0.6.0 used an "eval" (https://docs.python.org/3/library/functions.html#eval) statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose "torchgeo.models.get_weight"...
torchgeo Python Library < 0.6.1 RCE
The version of the torchgeo Python library installed on the remote host is prior to 0.6.1. It is, therefore, affected by a remote code execution vulnerability. The usage of 'eval' in torchgeo's 'get_weight' API function could allow an unauthenticated, remote attacker to execute arbitrary commands...
Arbitrary Code Injection
Overview torchgeo is a TorchGeo: datasets, samplers, transforms, and pre-trained models for geospatial data Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of specific data inputs. An attacker can execute arbitrary code on the system. Remediation...
geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)
torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: SNYK:PYTHON-TORCHGEO-8370211...
Duplicate Advisory: TorchGeo Remote Code Execution Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ghq9-vc6f-8qjf. This link is maintained to preserve external references. Original Description TorchGeo Remote Code Execution Vulnerability...
GHSA-G5VP-J278-8PJH Duplicate Advisory: TorchGeo Remote Code Execution Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ghq9-vc6f-8qjf. This link is maintained to preserve external references. Original Description TorchGeo Remote Code Execution Vulnerability...
PYSEC-2024-204
TorchGeo Remote Code Execution Vulnerability...
geotils (=0.3.0.post2), ipp-toolkit (=0.1.2) +1 more potentially affected by CVE-2024-49048 via torchgeo (>=0.4.1 <=0.5.2)
torchgeo PYPI version =0.4.1, =0.1.0, =0.1.1 Source cves: CVE-2024-49048 Source advisory: OSV:PYSEC-2024-204...
PYSEC-2024-204
TorchGeo Remote Code Execution Vulnerability...
CVE-2024-49048
TorchGeo Remote Code Execution Vulnerability...
CVE-2024-49048
TorchGeo Remote Code Execution Vulnerability...
CVE-2024-49048 TorchGeo Remote Code Execution Vulnerability
...
CVE-2024-49048
CVE-2024-49048 affects the TorchGeo Python library: versions prior to 0.6.1 are vulnerable to remote code execution because the get_weight() API uses eval(), enabling an unauthenticated remote attacker to run arbitrary commands. The Nessus entry corroborates this RCE claim for
CVE-2024-49048 TorchGeo Remote Code Execution Vulnerability
...
TorchGeo Remote Code Execution Vulnerability
...
Microsoft TorchGeo Code Injection Vulnerability
Microsoft TorchGeo is a PyTorch domain library from Microsoft Corporation USA that provides datasets, samplers, transformations, and pre-trained models specific to geospatial data. Microsoft TorchGeo suffers from a code injection vulnerability. An attacker exploiting this vulnerability could...