Skip to main content

Paddlepaddle CVE-2024-0817

HIGH
Command Injection (CWE-77)
2024-03-07 security@huntr.dev
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 07, 2024 - 02:15 nvd
HIGH 7.8

DescriptionNVD

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0

AnalysisAI

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 Affected products include: Paddlepaddle.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2024-0917 CRITICAL POC
9.8 Mar 07

remote code execution in paddlepaddle/paddle 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2023-38673 CRITICAL POC
9.8 Jul 26

PaddlePaddle before 2.5.0 has a command injection in fs.py. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2023-38671 CRITICAL POC
9.8 Jul 26

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerabilit

CVE-2023-38669 CRITICAL POC
9.8 Jul 26

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability i

CVE-2022-46742 CRITICAL POC
9.8 Dec 07

Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. Rated cr

CVE-2022-45908 CRITICAL POC
9.8 Nov 26

In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on

CVE-2024-0818 CRITICAL POC
9.1 Mar 07

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6. Rated critical severity (CVSS 9.1), this

CVE-2022-46741 CRITICAL POC
9.1 Dec 07

Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. Rated critical severity (CVSS 9.1), this vulnerability is

CVE-2024-0815 HIGH POC
8.8 Mar 07

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0. Rated high sever

CVE-2024-1603 HIGH POC
7.5 Mar 23

paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. Rated high severity (CVSS 7.5), th

CVE-2023-38672 HIGH POC
7.5 Jul 26

FPE in paddle.trace in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploit

CVE-2023-38670 HIGH POC
7.5 Jul 26

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability

Share

CVE-2024-0817 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy