CVE-2022-46741
https://notcve.org/view.php?id=CVE-2022-46741
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. Lectura fuera de los límites en together_tree en PaddlePaddle antes de 2.4. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-001.md • CWE-125: Out-of-bounds Read •
CVE-2022-45908
https://notcve.org/view.php?id=CVE-2022-45908
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. En PaddlePaddle anterior a 2.4, paddle.audio.functional.get_window es vulnerable a la inyección de código porque llama a eval en un winstr proporcionado por el usuario. Esto puede provocar la ejecución de código arbitrario. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md https://github.com/PaddlePaddle/Paddle/commit/26c419ca386aeae3c461faf2b828d00b48e908eb • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-31523
https://notcve.org/view.php?id=CVE-2022-31523
The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio de PaddlePaddle/Anakin versiones hasta 0.1.1 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •