File Read Vulnerability in PaddlePaddle's Vision Operations
CVE-2024-1603

7.5HIGH

Key Information:

Vendor: Paddlepaddle
Status: Paddlepaddle/paddle
Vendor: CVE Published:; 23 March 2024

🔔 Create Paddlepaddle Vulnerability Alert

What is CVE-2024-1603?

A vulnerability has been identified in version 2.6.0 of PaddlePaddle, specifically within the paddle.vision.ops.read_file functionality. This security flaw allows an attacker to read arbitrary files from the server, which could potentially expose sensitive data or system configurations. Proper validation and security checks must be implemented to mitigate this risk. Users of PaddlePaddle are strongly advised to upgrade to a secure version and review their configurations to ensure that no unauthorized access is possible.

Affected Version(s)

paddlepaddle/paddle <= unspecified

References

https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2024
Vulnerability Reserved
Feb 18, 2024

CVE-2024-1603 Data

JSON