Code Injection in paddlepaddle

GHSA-chj7-w3f6-cvfj · CVE-2024-0521

Published Jan 20, 2024 · Modified Feb 16, 2024

Description

The vulnerability arises from the way the url parameter is incorporated into the command string without proper validation or sanitization. If the url is constructed from untrusted sources, an attacker could potentially inject malicious commands.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-0521
PACKAGE https://github.com/PaddlePaddle/Paddle
WEB https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes