2 matches found
Arbitrary Code Execution
paddlepaddle is vulnerable to arbitrary code execution. The vulnerability exists in the multiple functions of window.py, allowing an attacker to inject and execute malicious code through the winstr parameter...
GHSA-83G7-8FCH-P37M PaddlePaddle vulnerable to code injection via winstr
In PaddlePaddle before 2.4, paddle.audio.functional.getwindow is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution...