Skip to main content

External Control of File Name or Path

CVE-2024-1603

Severity High
Score 8.2/10

Summary

The package PaddlePaddle/Paddle allows arbitrary file read via "paddle.vision.ops.read_file".

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-73 - External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Advisory Timeline

  • Published