Command Injection Vulnerability in PaddlePaddle's IrGraph.draw Function
CVE-2024-0817

7.8HIGH

Key Information:

Vendor: Paddlepaddle
Status: Paddlepaddle/paddle
Vendor: CVE Published:; 7 March 2024

🔔 Create Paddlepaddle Vulnerability Alert

What is CVE-2024-0817?

A command injection vulnerability exists within the IrGraph.draw function of PaddlePaddle version 2.6.0, which allows attackers to execute arbitrary commands via crafted input. This flaw can lead to unauthorized system access or manipulation of data, potentially compromising the integrity of the application. Improving input validation and sanitization processes is essential to mitigate this security issue and protect users from potential exploitation.

Affected Version(s)

paddlepaddle/paddle <= unspecified

References

https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fd...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2024
Vulnerability Reserved
Jan 23, 2024

CVE-2024-0817 Data

JSON