Hashnerf Pytorch
Monthly
Unsafe deserialization in HashNeRF-pytorch's Checkpoint File Handler allows a local low-privileged attacker to achieve arbitrary code execution by supplying a malicious file via the `ckpt_path` argument to `torch.load()` in `run_nerf.py`. All commits up to 82885e698295982504eb6a26d060a6b2473e3706 are affected; a fix exists as an unmerged pull request (PR #50). A public exploit has been disclosed via GitHub issue #49, though no CISA KEV listing has been identified, indicating no confirmed widespread active exploitation at time of analysis.
Unsafe deserialization in HashNeRF-pytorch's Checkpoint File Handler allows a local low-privileged attacker to achieve arbitrary code execution by supplying a malicious file via the `ckpt_path` argument to `torch.load()` in `run_nerf.py`. All commits up to 82885e698295982504eb6a26d060a6b2473e3706 are affected; a fix exists as an unmerged pull request (PR #50). A public exploit has been disclosed via GitHub issue #49, though no CISA KEV listing has been identified, indicating no confirmed widespread active exploitation at time of analysis.