CVE-2024-0521
Published 2024-01-20
CVE-2024-0521: Code Injection in paddlepaddle/paddle
High · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.46% (36.3th percentile)
Code Injection in paddlepaddle/paddle
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paddlepaddle | paddlepaddle | >= 0 < 2.6.0 | 2.6.0 |
| paddlepaddle | paddlepaddle_paddle | unspecified – latest | — |
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v3.0 · 9.3 CRITICAL · CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvelistv5 · 7.8 HIGH
GHSA
Code Injection in paddlepaddle
ghsa·2024-01-20
CVE-2024-0521 [CRITICAL] CWE-94 Code Injection in paddlepaddle
The vulnerability arises from the way the url parameter is incorporated into the command string without proper validation or sanitization. If the url is constructed from untrusted sources, an attacker could potentially inject malicious commands.
CVEList
Code Injection in paddlepaddle/paddle
cvelistv5·2024-01-20·CVSS 7.8
CVE-2024-0521 [HIGH] CWE-94 Code Injection in paddlepaddle/paddle
OSV
Code Injection in paddlepaddle
osv·2024-01-20
CVE-2024-0521 [CRITICAL] Code Injection in paddlepaddle
The vulnerability arises from the way the url parameter is incorporated into the command string without proper validation or sanitization. If the url is constructed from untrusted sources, an attacker could potentially inject malicious commands.
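The flaw described in the GHSA and OSV entries above, shown as an added example that is not PaddlePaddle's code: the `wget` command line, the function names and the sample URLs are assumptions made for illustration. It contrasts a command built by string interpolation with an argument list plus URL validation.

```python
import shlex
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web downloads are needed


def unsafe_command(url: str, dest: str) -> str:
    """Flawed pattern from the advisory: url pasted into a shell command string."""
    return f"wget -O {dest} {url}"  # wget is an assumed downloader


def shell_tokens(command: str) -> list:
    """Approximate how a POSIX shell splits the string (operators become tokens)."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def validate_url(url: str) -> str:
    """Reject anything that is not a plain http(s) URL with a host."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("URL must be http(s) and name a host")
    return url


def safe_argv(url: str, dest: str) -> list:
    """Argument list for subprocess.run(argv), i.e. with the default shell=False.

    The URL stays one argv element, so shell operators in it are never parsed,
    and the scheme check stops a value that starts with '-' from being read
    as an option.
    """
    return ["wget", "-O", dest, validate_url(url)]


if __name__ == "__main__":
    constructed = "https://example.invalid/model.tar; echo INJECTED"  # constructed input
    print(shell_tokens(unsafe_command(constructed, "/tmp/model.tar")))
    print(safe_argv("https://example.invalid/model.tar?v=1&x=2", "/tmp/model.tar"))
```
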
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-01-20
Published