PT-2022-27677 · Unknown · Paddlepaddle

Published 2022-11-26 · Updated 2022-12-01 · CVE-2022-45908

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.4

Description: The issue arises from the paddle.audio.functional.get_window function calling eval on the user-supplied winstr argument, which allows code injection and arbitrary code execution.

Recommendations: For versions prior to 2.4, consider disabling the paddle.audio.functional.get_window function until a patch is available. Restrict access to this function to minimize the risk of exploitation. Avoid passing user-supplied input as the winstr argument of the affected function until the issue is resolved. Update to version 2.4 or later to resolve the issue.
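The pattern behind this advisory, as an added illustration (not PaddlePaddle's own code): a constructed window lookup that resolves winstr with eval, beside a hardened version that only accepts names from a fixed allow-list. The window functions and the names get_window_unsafe / get_window_safe are hypothetical.

```python
import math

# Constructed window generators standing in for a library's window table.
# n == 1 is special-cased so the symmetric formulas never divide by zero.
def hann(n):
    if n == 1:
        return [1.0]
    return [0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)) for i in range(n)]

def hamming(n):
    if n == 1:
        return [1.0]
    return [0.54 - 0.46 * math.cos(2 * math.pi * i / (n - 1)) for i in range(n)]

def rectangular(n):
    return [1.0] * n

# Vulnerable shape (hypothetical): the caller's string is handed to eval(),
# so any Python expression in winstr runs with the library's privileges.
def get_window_unsafe(winstr, n):
    return eval(winstr)(n)

# Hardened shape: the string is only ever used as a dictionary key, and both
# arguments are validated before any window is computed.
_WINDOWS = {"hann": hann, "hamming": hamming, "rectangular": rectangular}

def is_allowed_window(winstr):
    """True only for a str that exactly names an allow-listed window."""
    return isinstance(winstr, str) and winstr.lower() in _WINDOWS

def get_window_safe(winstr, n):
    if not is_allowed_window(winstr):
        raise ValueError(
            f"unknown window {winstr!r}; expected one of {sorted(_WINDOWS)}")
    if not isinstance(n, int) or isinstance(n, bool) or n < 1:
        raise ValueError("window length must be a positive int")
    return _WINDOWS[winstr.lower()](n)
```

Both variants agree on legitimate names; the difference is that the safe one turns any non-name input into a ValueError instead of executing it.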

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2022-45908
GHSA-83G7-8FCH-P37M

Affected Products

Paddlepaddle