Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/paddlepaddle@2.6.0

Type pypi

Namespace

Name paddlepaddle

Version 2.6.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.6.1

Latest_non_vulnerable_version 2.6.1

Affected_by_vulnerabilities

url VCID-17nd-k3cn-4bb4

vulnerability_id VCID-17nd-k3cn-4bb4

summary

PaddlePaddle command injection in paddle.utils.download._wget_download
Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url	https://github.com/PaddlePaddle/Paddle/commit/4c0888d7b8f10405e2e79adc41c224264f93e816
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/4c0888d7b8f10405e2e79adc41c224264f93e816

reference_url	https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350
reference_id
reference_type
scores
url	https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-0815
reference_id	CVE-2024-0815
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-0815

reference_url	https://github.com/advisories/GHSA-qqv2-35q8-p2g2
reference_id	GHSA-qqv2-35q8-p2g2
reference_type
scores
url	https://github.com/advisories/GHSA-qqv2-35q8-p2g2

fixed_packages

aliases CVE-2024-0815, GHSA-qqv2-35q8-p2g2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17nd-k3cn-4bb4

url VCID-fsej-h74n-6ffs

vulnerability_id VCID-fsej-h74n-6ffs

summary

PaddlePaddle command injection vulnerability
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url	https://github.com/PaddlePaddle/Paddle/commit/bdf6234fdc22e6ee7948950d271cbbe1d27edc93
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/bdf6234fdc22e6ee7948950d271cbbe1d27edc93

reference_url	https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3
reference_id
reference_type
scores
url	https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-0817
reference_id	CVE-2024-0817
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-0817

reference_url	https://github.com/advisories/GHSA-fh54-3vhg-mpc2
reference_id	GHSA-fh54-3vhg-mpc2
reference_type
scores
url	https://github.com/advisories/GHSA-fh54-3vhg-mpc2

fixed_packages

aliases CVE-2024-0817, GHSA-fh54-3vhg-mpc2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsej-h74n-6ffs

url VCID-fzzq-2t1q-p7fa

vulnerability_id VCID-fzzq-2t1q-p7fa

summary

PaddlePaddle Path Traversal vulnerability
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url	https://github.com/PaddlePaddle/Paddle/commit/5c50d1a8b97b310cbc36560ec36d8377d6f29d7c
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/5c50d1a8b97b310cbc36560ec36d8377d6f29d7c

reference_url	https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9
reference_id
reference_type
scores
url	https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-0818
reference_id	CVE-2024-0818
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-0818

reference_url	https://github.com/advisories/GHSA-2rp8-hff9-c5wr
reference_id	GHSA-2rp8-hff9-c5wr
reference_type
scores
url	https://github.com/advisories/GHSA-2rp8-hff9-c5wr

fixed_packages

aliases CVE-2024-0818, GHSA-2rp8-hff9-c5wr

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fzzq-2t1q-p7fa

url VCID-mpck-qgnf-vfg5

vulnerability_id VCID-mpck-qgnf-vfg5

summary

PaddlePaddle vulnerable to remote code execution
remote code execution in paddlepaddle/paddle 2.6.0

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url	https://github.com/PaddlePaddle/Paddle/blob/develop/python/paddle/distributed/fleet/utils/fs.py#L723
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/blob/develop/python/paddle/distributed/fleet/utils/fs.py#L723

reference_url	https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119
reference_id
reference_type
scores
url	https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-0917
reference_id	CVE-2024-0917
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-0917

reference_url	https://github.com/advisories/GHSA-mrmm-qmrj-xgp6
reference_id	GHSA-mrmm-qmrj-xgp6
reference_type
scores
url	https://github.com/advisories/GHSA-mrmm-qmrj-xgp6

fixed_packages

aliases CVE-2024-0917, GHSA-mrmm-qmrj-xgp6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mpck-qgnf-vfg5

url VCID-s51x-rhes-73h1

vulnerability_id VCID-s51x-rhes-73h1

summary Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52312
reference_id	CVE-2023-52312
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52312

reference_url	https://github.com/advisories/GHSA-qppw-c37g-xwcc
reference_id	GHSA-qppw-c37g-xwcc
reference_type
scores
url	https://github.com/advisories/GHSA-qppw-c37g-xwcc

fixed_packages

url	pkg:pypi/paddlepaddle@2.6.1
purl	pkg:pypi/paddlepaddle@2.6.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.1

aliases CVE-2023-52312, GHSA-qppw-c37g-xwcc, PYSEC-2024-144

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s51x-rhes-73h1

url VCID-wqhd-4yv8-37ea

vulnerability_id VCID-wqhd-4yv8-37ea

summary

PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url	https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1262
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1262

reference_url	https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1295-L1334
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1295-L1334

reference_url	https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e
reference_id
reference_type
scores
url	https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-1603
reference_id	CVE-2024-1603
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-1603

reference_url	https://github.com/advisories/GHSA-jwrc-3v3f-5cq5
reference_id	GHSA-jwrc-3v3f-5cq5
reference_type
scores
url	https://github.com/advisories/GHSA-jwrc-3v3f-5cq5

fixed_packages

aliases CVE-2024-1603, GHSA-jwrc-3v3f-5cq5

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqhd-4yv8-37ea

Fixing_vulnerabilities

url VCID-17s7-wrdn-ebes

vulnerability_id VCID-17s7-wrdn-ebes

summary FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38675
reference_id	CVE-2023-38675
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38675

reference_url	https://github.com/advisories/GHSA-jm68-fpmr-8j2g
reference_id	GHSA-jm68-fpmr-8j2g
reference_type
scores
url	https://github.com/advisories/GHSA-jm68-fpmr-8j2g

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-38675, GHSA-jm68-fpmr-8j2g, PYSEC-2024-130

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17s7-wrdn-ebes

url VCID-35qf-2v8r-t3cf

vulnerability_id VCID-35qf-2v8r-t3cf

summary FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-140.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-140.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52308
reference_id	CVE-2023-52308
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52308

reference_url	https://github.com/advisories/GHSA-v9pg-qw6x-w5r2
reference_id	GHSA-v9pg-qw6x-w5r2
reference_type
scores
url	https://github.com/advisories/GHSA-v9pg-qw6x-w5r2

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52308, GHSA-v9pg-qw6x-w5r2, PYSEC-2024-140

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35qf-2v8r-t3cf

url VCID-45e3-a2hf-4bh9

vulnerability_id VCID-45e3-a2hf-4bh9

summary PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/49bec176053595975c1941cff9749c55f7203ea9
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/49bec176053595975c1941cff9749c55f7203ea9

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-142.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-142.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52310
reference_id	CVE-2023-52310
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52310

reference_url	https://github.com/advisories/GHSA-j5h9-9r39-43q5
reference_id	GHSA-j5h9-9r39-43q5
reference_type
scores
url	https://github.com/advisories/GHSA-j5h9-9r39-43q5

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52310, GHSA-j5h9-9r39-43q5, PYSEC-2024-142

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45e3-a2hf-4bh9

url VCID-49pw-ktz7-jfh4

vulnerability_id VCID-49pw-ktz7-jfh4

summary FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52305
reference_id	CVE-2023-52305
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52305

reference_url	https://github.com/advisories/GHSA-rx2r-q96c-w5cc
reference_id	GHSA-rx2r-q96c-w5cc
reference_type
scores
url	https://github.com/advisories/GHSA-rx2r-q96c-w5cc

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52305, GHSA-rx2r-q96c-w5cc, PYSEC-2024-137

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49pw-ktz7-jfh4

url VCID-7dca-ch9k-jkb6

vulnerability_id VCID-7dca-ch9k-jkb6

summary FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52306
reference_id	CVE-2023-52306
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52306

reference_url	https://github.com/advisories/GHSA-rg9q-m8hv-xxr6
reference_id	GHSA-rg9q-m8hv-xxr6
reference_type
scores
url	https://github.com/advisories/GHSA-rg9q-m8hv-xxr6

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52306, GHSA-rg9q-m8hv-xxr6, PYSEC-2024-138

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7dca-ch9k-jkb6

url VCID-9cbs-47dq-rfca

vulnerability_id VCID-9cbs-47dq-rfca

summary PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/5ed9478fdef96a06eeec9093f9e768c97b094af3
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/5ed9478fdef96a06eeec9093f9e768c97b094af3

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-146.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-146.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52314
reference_id	CVE-2023-52314
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52314

reference_url	https://github.com/advisories/GHSA-3cr5-2446-8pg3
reference_id	GHSA-3cr5-2446-8pg3
reference_type
scores
url	https://github.com/advisories/GHSA-3cr5-2446-8pg3

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52314, GHSA-3cr5-2446-8pg3, PYSEC-2024-146

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cbs-47dq-rfca

url VCID-akmg-8bh1-xufv

vulnerability_id VCID-akmg-8bh1-xufv

summary OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-133.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-133.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38678
reference_id	CVE-2023-38678
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38678

reference_url	https://github.com/advisories/GHSA-mr78-v55p-7777
reference_id	GHSA-mr78-v55p-7777
reference_type
scores
url	https://github.com/advisories/GHSA-mr78-v55p-7777

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-38678, GHSA-mr78-v55p-7777, PYSEC-2024-133

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akmg-8bh1-xufv

url VCID-cuna-r55b-rqf3

vulnerability_id VCID-cuna-r55b-rqf3

summary Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38676
reference_id	CVE-2023-38676
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38676

reference_url	https://github.com/advisories/GHSA-x3q9-c788-j7c8
reference_id	GHSA-x3q9-c788-j7c8
reference_type
scores
url	https://github.com/advisories/GHSA-x3q9-c788-j7c8

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-38676, GHSA-x3q9-c788-j7c8, PYSEC-2024-131

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuna-r55b-rqf3

url VCID-fbr1-2g6w-tqaa

vulnerability_id VCID-fbr1-2g6w-tqaa

summary Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-135.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-135.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52303
reference_id	CVE-2023-52303
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52303

reference_url	https://github.com/advisories/GHSA-2wcj-qr76-9768
reference_id	GHSA-2wcj-qr76-9768
reference_type
scores
url	https://github.com/advisories/GHSA-2wcj-qr76-9768

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52303, GHSA-2wcj-qr76-9768, PYSEC-2024-135

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbr1-2g6w-tqaa

url VCID-fd4j-1rre-5ua9

vulnerability_id VCID-fd4j-1rre-5ua9

summary FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38677
reference_id	CVE-2023-38677
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38677

reference_url	https://github.com/advisories/GHSA-c6ph-m8cw-rfqh
reference_id	GHSA-c6ph-m8cw-rfqh
reference_type
scores
url	https://github.com/advisories/GHSA-c6ph-m8cw-rfqh

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-38677, GHSA-c6ph-m8cw-rfqh, PYSEC-2024-132

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fd4j-1rre-5ua9

url VCID-gh73-617q-sbdc

vulnerability_id VCID-gh73-617q-sbdc

summary

Improper Control of Generation of Code ('Code Injection')
Code Injection in paddlepaddle/paddle

references

reference_url	https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453
reference_id
reference_type
scores
url	https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-0521
reference_id	CVE-2024-0521
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-0521

reference_url	https://github.com/advisories/GHSA-chj7-w3f6-cvfj
reference_id	GHSA-chj7-w3f6-cvfj
reference_type
scores
url	https://github.com/advisories/GHSA-chj7-w3f6-cvfj

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2024-0521, GHSA-chj7-w3f6-cvfj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gh73-617q-sbdc

url VCID-h7rz-ms5h-huen

vulnerability_id VCID-h7rz-ms5h-huen

summary Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-136.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-136.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52304
reference_id	CVE-2023-52304
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52304

reference_url	https://github.com/advisories/GHSA-4rrv-8gcp-24v8
reference_id	GHSA-4rrv-8gcp-24v8
reference_type
scores
url	https://github.com/advisories/GHSA-4rrv-8gcp-24v8

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52304, GHSA-4rrv-8gcp-24v8, PYSEC-2024-136

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7rz-ms5h-huen

url VCID-ndbe-sr54-f3ha

vulnerability_id VCID-ndbe-sr54-f3ha

summary Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-141.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-141.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52309
reference_id	CVE-2023-52309
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52309

reference_url	https://github.com/advisories/GHSA-8fp7-jwv2-49x9
reference_id	GHSA-8fp7-jwv2-49x9
reference_type
scores
url	https://github.com/advisories/GHSA-8fp7-jwv2-49x9

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52309, GHSA-8fp7-jwv2-49x9, PYSEC-2024-141

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndbe-sr54-f3ha

url VCID-nehj-8bwx-qyce

vulnerability_id VCID-nehj-8bwx-qyce

summary FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-129.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-129.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38674
reference_id	CVE-2023-38674
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38674

reference_url	https://github.com/advisories/GHSA-xjpw-hx47-rccv
reference_id	GHSA-xjpw-hx47-rccv
reference_type
scores
url	https://github.com/advisories/GHSA-xjpw-hx47-rccv

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-38674, GHSA-xjpw-hx47-rccv, PYSEC-2024-129

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nehj-8bwx-qyce

url VCID-pt8v-dqvj-yue7

vulnerability_id VCID-pt8v-dqvj-yue7

summary Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52302
reference_id	CVE-2023-52302
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52302

reference_url	https://github.com/advisories/GHSA-547m-23x7-cxg5
reference_id	GHSA-547m-23x7-cxg5
reference_type
scores
url	https://github.com/advisories/GHSA-547m-23x7-cxg5

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52302, GHSA-547m-23x7-cxg5, PYSEC-2024-134

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pt8v-dqvj-yue7

url VCID-pyt1-w4bk-x7cb

vulnerability_id VCID-pyt1-w4bk-x7cb

summary PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/c5f6862d118d7d69210f0e73bea1b055f5f21f2b
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/c5f6862d118d7d69210f0e73bea1b055f5f21f2b

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-143.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-143.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52311
reference_id	CVE-2023-52311
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52311

reference_url	https://github.com/advisories/GHSA-rf7p-79xq-8xwm
reference_id	GHSA-rf7p-79xq-8xwm
reference_type
scores
url	https://github.com/advisories/GHSA-rf7p-79xq-8xwm

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52311, GHSA-rf7p-79xq-8xwm, PYSEC-2024-143

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pyt1-w4bk-x7cb

url VCID-s51x-rhes-73h1

vulnerability_id VCID-s51x-rhes-73h1

summary Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52312
reference_id	CVE-2023-52312
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52312

reference_url	https://github.com/advisories/GHSA-qppw-c37g-xwcc
reference_id	GHSA-qppw-c37g-xwcc
reference_type
scores
url	https://github.com/advisories/GHSA-qppw-c37g-xwcc

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

url	pkg:pypi/paddlepaddle@2.6.1
purl	pkg:pypi/paddlepaddle@2.6.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.1

aliases CVE-2023-52312, GHSA-qppw-c37g-xwcc, PYSEC-2024-144

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s51x-rhes-73h1

url VCID-sshq-1n66-uugm

vulnerability_id VCID-sshq-1n66-uugm

summary Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/6fdb316c8b0eb747e5324907e352824c9dba8215
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/6fdb316c8b0eb747e5324907e352824c9dba8215

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-139.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-139.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52307
reference_id	CVE-2023-52307
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52307

reference_url	https://github.com/advisories/GHSA-g57v-2687-jx33
reference_id	GHSA-g57v-2687-jx33
reference_type
scores
url	https://github.com/advisories/GHSA-g57v-2687-jx33

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52307, GHSA-g57v-2687-jx33, PYSEC-2024-139

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sshq-1n66-uugm

url VCID-z3ar-bcd5-gya8

vulnerability_id VCID-z3ar-bcd5-gya8

summary FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

references

reference_url	https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle

reference_url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md

reference_url	https://github.com/PaddlePaddle/Paddle/commit/6ef71779197ad6faf51ac295022ab5008d81372f
reference_id
reference_type
scores
url	https://github.com/PaddlePaddle/Paddle/commit/6ef71779197ad6faf51ac295022ab5008d81372f

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-145.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-145.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-52313
reference_id	CVE-2023-52313
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-52313

reference_url	https://github.com/advisories/GHSA-275c-w5mq-v5m2
reference_id	GHSA-275c-w5mq-v5m2
reference_type
scores
url	https://github.com/advisories/GHSA-275c-w5mq-v5m2

fixed_packages

url pkg:pypi/paddlepaddle@2.6.0

purl pkg:pypi/paddlepaddle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17nd-k3cn-4bb4

vulnerability	VCID-fsej-h74n-6ffs

vulnerability	VCID-fzzq-2t1q-p7fa

vulnerability	VCID-mpck-qgnf-vfg5

vulnerability	VCID-s51x-rhes-73h1

vulnerability	VCID-wqhd-4yv8-37ea

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

aliases CVE-2023-52313, GHSA-275c-w5mq-v5m2, PYSEC-2024-145

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3ar-bcd5-gya8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0

Package Instance