VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-wqhd-4yv8-37ea

Vulnerability ID	VCID-wqhd-4yv8-37ea
Aliases	CVE-2024-1603 GHSA-jwrc-3v3f-5cq5
Summary	PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-73	External Control of File Name or Path
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://github.com/PaddlePaddle/Paddle
		https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1262
		https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1295-L1334
		https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e
CVE-2024-1603		https://nvd.nist.gov/vuln/detail/CVE-2024-1603
GHSA-jwrc-3v3f-5cq5		https://github.com/advisories/GHSA-jwrc-3v3f-5cq5

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:47:26.238302+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/paddlepaddle/CVE-2024-1603.yml	38.6.0