Lucene search

GoogleOSV:GHSA-2RP8-HFF9-C5WR

HistoryMar 07, 2024 - 3:30 p.m.

PaddlePaddle Path Traversal vulnerability

2024-03-0715:30:38

Google

osv.dev

path traversal vulnerability

arbitrary file overwrite

paddlepaddle software

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.7%

JSON

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6

CPENameOperatorVersion
paddlepaddleeq2.2.0
paddlepaddleeq2.5.2
paddlepaddleeq2.4.0rc0
paddlepaddleeq2.3.2
paddlepaddleeq2.5.0
paddlepaddleeq2.4.1
paddlepaddleeq2.3.0
paddlepaddleeq2.1.1
paddlepaddleeq2.4.2
paddlepaddleeq2.2.0rc0

Name	Operator	Version
paddlepaddle	eq	2.2.0
paddlepaddle	eq	2.5.2
paddlepaddle	eq	2.4.0rc0
paddlepaddle	eq	2.3.2
paddlepaddle	eq	2.5.0
paddlepaddle	eq	2.4.1
paddlepaddle	eq	2.3.0
paddlepaddle	eq	2.1.1
paddlepaddle	eq	2.4.2
paddlepaddle	eq	2.2.0rc0

Rows per page:

1-10 of 231

References

github.com/PaddlePaddle/Paddle

github.com/PaddlePaddle/Paddle/commit/5c50d1a8b97b310cbc36560ec36d8377d6f29d7c

huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9

nvd.nist.gov/vuln/detail/CVE-2024-0818

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.7%

JSON

Related for OSV:GHSA-2RP8-HFF9-C5WR