Reliance on Untrusted Inputs in a Security Decision
CVE-2019-10844
Summary
An Untrusted Inputs reliance vulnerability has been found in Sony Neural Network Libraries (aka nnabla) through v1.0.9. In file `nbla/logger.cpp` in `libnnabla.a` relies on the '$HOME' environment variable, which might be untrusted.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-807 - Reliance on Untrusted Inputs in a Security Decision
The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
References
Advisory Timeline
- Published