CVE-2024-0815

Description

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0

How to fix CVE-2024-0815

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• PyPI/paddlepaddle—no fix listed

Is CVE-2024-0815 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 2.6.0

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-0815
• PATCHgithub.com/PaddlePaddle/Paddle
• WEBgithub.com/PaddlePaddle/Paddle/commit/4c0888d7b8f10405e2e79adc41c224264f93e816
• WEBhuntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350