PT-2022-7517 · Pytorch+1 · Pytorch+1

Lyutoo · Published 2022-11-11 · Updated 2024-03-06 · CVE-2022-45907

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PyTorch versions prior to 1.13.1

Description

The issue is related to the incorrect management of code generation in the torch.jit.annotations.parse_type_line() function of the PyTorch machine learning framework. This can allow a remote attacker to execute arbitrary code because eval is used unsafely.

Recommendations

For versions prior to 1.13.1, update to version 1.13.1 to resolve the issue. As a temporary workaround, consider restricting the use of the torch.jit.annotations.parse_type_line() function until a patch is available.
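
The description attributes the issue to eval being applied to a type-annotation string. As an added illustration (not PyTorch's code and not its actual patch), the sketch below parses a "# type: (...) -> ..." comment with ast and accepts only plain type expressions before anything is evaluated. The function names, the allowlist and the sample lines are assumptions constructed for this example; it assumes Python 3.9 or later.

```python
import ast

# Node types that occur in a plain type expression such as
# "Dict[str, List[torch.Tensor]]". Calls, lambdas, comprehensions and
# operators are not listed, so they are rejected. (Assumed allowlist.)
_ALLOWED = (ast.Expression, ast.Name, ast.Attribute, ast.Subscript,
            ast.Tuple, ast.List, ast.Constant, ast.Load)


def is_safe_type_expr(expr: str) -> bool:
    """Return True if expr parses and contains only allowlisted nodes."""
    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError:
        return False
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            return False
        # Only None and Ellipsis are meaningful constants in a type expression.
        if isinstance(node, ast.Constant) and node.value not in (None, Ellipsis):
            return False
    return True


def split_type_comment(line: str):
    """Split '# type: (A, B) -> R' into (args_src, ret_src) without evaluating."""
    prefix = "# type:"
    body = line.strip()
    if not body.startswith(prefix):
        raise ValueError("not a type comment")
    body = body[len(prefix):]
    if "->" not in body:
        raise ValueError("missing '->' in type comment")
    args_src, ret_src = body.rsplit("->", 1)
    return args_src.strip(), ret_src.strip()


def check_type_comment(line: str) -> bool:
    """True only when both halves of the comment are plain type expressions."""
    args_src, ret_src = split_type_comment(line)
    return is_safe_type_expr(args_src) and is_safe_type_expr(ret_src)


if __name__ == "__main__":
    # Constructed sample lines: one ordinary signature, one containing a call.
    for sample in ("# type: (int, Dict[str, List[torch.Tensor]]) -> Optional[int]",
                   '# type: (len("x")) -> int'):
        print(check_type_comment(sample), sample)
```

A check of this kind can gate untrusted annotation strings in code that cannot be upgraded immediately; it does not replace updating to 1.13.1.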

Exploit

Fix

Command Injection

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-06840
BIT-PYTORCH-2022-45907
CVE-2022-45907
GHSA-47FC-VMWQ-366V
PYSEC-2022-43015

Affected Products

Debian
Pytorch