HIGH 7.5 PyPI
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
GHSA-jwrc-3v3f-5cq5 · CVE-2024-1603
Published · Modified
Description
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-1603
- PACKAGE https://github.com/PaddlePaddle/Paddle
- WEB https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1262
- WEB https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1295-L1334
- WEB https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e