CVE-2022-45908

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-45908
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45908.json
Aliases
Published
2022-11-26T02:15:10Z
Modified
2023-11-29T09:55:07.269395Z
Details

In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.

References

Affected packages

Git / github.com/PaddlePaddle/Paddle

Affected ranges

Type
GIT
Repo
https://github.com/PaddlePaddle/Paddle
Events
Introduced
0The exact introduced commit is unknown
Fixed
26c419ca386aeae3c461faf2b828d00b48e908eb
Type
GIT
Repo
https://github.com/paddlepaddle/paddle
Events
Introduced
0The exact introduced commit is unknown
Fixed
3fa7a736e32508e797616b6344d97814c37d3ff8

Affected versions

V0.*

V0.8.0b0
V0.8.0b1

v0.*

v0.10.0
v0.10.0rc
v0.10.0rc4
v0.11.0
v0.11.1a1
v0.11.1a2
v0.12.0
v0.15.0-rc0
v0.9.0
v0.9.0a0

v2.*

v2.4.0-rc0