Remote Code Execution Vulnerability in PaddlePaddle
CVE-2024-0917

9.8CRITICAL

Key Information:

Vendor: Paddlepaddle
Status: Paddlepaddle/paddle
Vendor: CVE Published:; 7 March 2024

🔔 Create Paddlepaddle Vulnerability Alert

What is CVE-2024-0917?

A remote code execution vulnerability has been identified in PaddlePaddle version 2.6.0, potentially allowing an attacker to execute arbitrary code on the affected system. This vulnerability poses a significant risk as it could be exploited by malicious entities to take control of the application, manipulate data, or compromise system integrity. Users of PaddlePaddle should take immediate action to assess their systems and implement appropriate mitigations to protect against potential exploits.

Affected Version(s)

paddlepaddle/paddle <= unspecified

References

https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2024
Vulnerability Reserved
Jan 26, 2024

CVE-2024-0917 Data

JSON