PYSEC-2022-43015

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2022-43015.yaml
Aliases
Published
2022-11-26T02:15:00Z
Modified
2023-12-06T01:02:42.829739Z
Details

In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely.

References

Affected packages

PyPI / torch

Package

Name
torch

Affected ranges

Type
GIT
Repo
https://github.com/pytorch/pytorch
Events
Introduced
0The exact introduced commit is unknown
Fixed
767f6aa49fe20a2766b9843d01e3b7f7793df6a3
Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.13.1

Affected versions

1.*

1.0.0
1.0.1
1.0.1.post2
1.1.0
1.1.0.post2
1.2.0
1.3.0
1.3.0.post2
1.3.1
1.4.0
1.5.0
1.5.1
1.6.0
1.7.0
1.7.1
1.8.0
1.8.1
1.9.0
1.9.1
1.10.0
1.10.1
1.10.2
1.11.0
1.12.0
1.12.1
1.13.0