In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
References
Link | Resource |
---|---|
https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3 | Patch Third Party Advisory |
https://github.com/pytorch/pytorch/issues/88868 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 |
26 Apr 2023, 17:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:*:python:*:* |
28 Nov 2022, 19:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/pytorch/pytorch/issues/88868 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3 - Patch, Third Party Advisory | |
First Time |
Linuxfoundation
Linuxfoundation pytorch |
|
CWE | CWE-77 | |
CPE | cpe:2.3:a:linuxfoundation:pytorch:-:*:*:*:*:python:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
26 Nov 2022, 03:14
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-26 02:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45907
Mitre link : CVE-2022-45907
CVE.ORG link : CVE-2022-45907
JSON object : View
Products Affected
linuxfoundation
- pytorch
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')