CVE-2022-45907: Improper Neutralization of Special Elements used in a Command ('Command Injection')
(updated )
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
References
Detect and mitigate CVE-2022-45907 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →