CVE-2024-1603: PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
References
- github.com/PaddlePaddle/Paddle
- github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py
- github.com/advisories/GHSA-jwrc-3v3f-5cq5
- huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e
- nvd.nist.gov/vuln/detail/CVE-2024-1603