CVE-2024-0818

Description

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6

How to fix CVE-2024-0818

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• PyPI/paddlepaddle—no fix listed

Is CVE-2024-0818 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 2.6.0

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-0818
• PATCHgithub.com/PaddlePaddle/Paddle
• WEBgithub.com/PaddlePaddle/Paddle/commit/5c50d1a8b97b310cbc36560ec36d8377d6f29d7c
• WEBhuntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9