PaddlePaddle vulnerable to Code Injection
Critical severity
GitHub Reviewed
Published
Dec 7, 2022
to the GitHub Advisory Database
•
Updated Nov 1, 2024
Description
Published by the National Vulnerability Database
Dec 7, 2022
Published to the GitHub Advisory Database
Dec 7, 2022
Reviewed
Dec 7, 2022
Last updated
Nov 1, 2024
Code injection in
paddle.audio.functional.get_window
in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. A patch is available on thedevelop
branch of the repository and anticipated to be part of a 2.4 release.References