PT-2022-27976 · Unknown · Paddlepaddle
Tong Liu · Published 2022-12-07 · Updated 2022-12-09 · CVE-2022-46742
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PaddlePaddle version 2.4.0-rc0
Description
The issue allows for code injection in the paddle.audio.functional.get_window function, enabling arbitrary code execution.
Recommendations
For PaddlePaddle version 2.4.0-rc0, consider applying the patch available on the develop branch of the repository, which is anticipated to be part of a 2.4 release. As a temporary workaround, consider restricting the use of the paddle.audio.functional.get_window function until the issue is resolved.
Exploit
Fix
Code Injection
Affected Products
Paddlepaddle