VYPR
Critical severity · NVD Advisory · Published Jan 3, 2024 · Updated Jun 17, 2025

Command injection in _wget_download

CVE-2023-52311

Description

PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

PaddlePaddle before 2.6.0 contains a command injection vulnerability in _wget_download allowing arbitrary OS commands.

Vulnerability

Description

The vulnerability resides in the _wget_download function in python/paddle/utils/download.py, the helper PaddlePaddle (a deep learning framework) uses to fetch remote files with the wget binary. Prior to version 2.6.0, the function builds the command as an f-string that interpolates the caller-supplied URL, together with the output path, into wget -O ... -t ... {url} without any validation or quoting, and then runs that string through subprocess.Popen with shell=True [1][4]. Because the string is handed to the system shell rather than passed as an argument vector, any shell metacharacters in the URL are interpreted by the shell instead of reaching wget, so a crafted URL can inject arbitrary commands [1][4].

Exploitation

To exploit this vulnerability, an attacker must be able to influence the URL that reaches _wget_download, for example where an application downloads model files or other resources from user-specified locations. The function performs no authentication or authorization check of its own; the injected command runs with whatever privileges the PaddlePaddle process has. A URL carrying shell metacharacters (a semicolon, backticks, or $(...) command substitution) is sufficient to execute arbitrary OS commands on the host running PaddlePaddle [1][2][4].

Impact

Successful exploitation results in arbitrary command execution on the underlying operating system with the privileges of the PaddlePaddle process. This can lead to full system compromise, including unauthorized access to data and models, installation of malware, or pivoting to other systems on the same network. The critical severity rating reflects that the attack complexity is low and no authentication is required [2].

Mitigation

The vulnerability was addressed in PaddlePaddle version 2.6.0. The patch, commit c5f6862 (PR #59957), parses the URL with urllib.parse.urlparse and accepts only the http and https schemes before the command is built [4]. As the diff on this page shows, the command is still assembled as a string and executed with shell=True, so the check blocks non-HTTP schemes but does not neutralize shell metacharacters elsewhere in the URL; callers should therefore continue to treat the URL passed to the wget download path as trusted input only. Users are strongly advised to upgrade to version 2.6.0 or later. No workaround is available for earlier versions [1][2].
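As an added example covering the Description, Exploitation and Mitigation sections above (this code is not from PaddlePaddle or from the advisory), the following script reproduces the shell=True pattern, shows that the 2.6.0 scheme check accepts a crafted URL, and contrasts it with an argument-list form that no shell ever parses. The echo binary stands in for wget so the script runs offline; the URL, output names and function names are constructed for illustration.

```python
"""Command injection through shell=True versus an argv list (added example).

`echo` stands in for `wget` so the script runs offline; inputs are constructed.
"""
import subprocess
from urllib.parse import urlparse

DOWNLOAD_RETRY_LIMIT = 3  # same constant name as in paddle/utils/download.py


def build_vulnerable_command(url, fullname, binary="wget"):
    """Pre-2.6.0 pattern: the URL is interpolated into one command string."""
    return f"{binary} -O {fullname}_tmp -t {DOWNLOAD_RETRY_LIMIT} {url}"


def patched_scheme_check(url):
    """The check added in 2.6.0: only the URL scheme is validated."""
    return urlparse(url).scheme in ("http", "https")


def run_vulnerable(url, fullname, binary="wget"):
    """Run the command the way the vulnerable code does (shell=True) and
    return the stdout lines; each shell-separated command produces its own."""
    proc = subprocess.run(
        build_vulnerable_command(url, fullname, binary),
        shell=True, capture_output=True, text=True,
    )
    return proc.stdout.splitlines()


def build_safe_argv(url, fullname, binary="wget"):
    """Hardened form: reject non-HTTP schemes with an explicit exception
    (assert statements are stripped under python -O) and return an argv
    list, so the URL is delivered to the program as a single argument."""
    if urlparse(url).scheme not in ("http", "https"):
        raise ValueError(f"only http/https URLs are accepted: {url!r}")
    return [binary, "-O", f"{fullname}_tmp", "-t", str(DOWNLOAD_RETRY_LIMIT), url]


def run_safe(url, fullname, binary="wget"):
    """Run the argv list without a shell and return the stdout lines."""
    proc = subprocess.run(
        build_safe_argv(url, fullname, binary), capture_output=True, text=True
    )
    return proc.stdout.splitlines()


if __name__ == "__main__":
    crafted = "http://example.com/model.tgz; echo INJECTED"  # constructed input
    print("scheme check passes:", patched_scheme_check(crafted))
    print("shell=True :", run_vulnerable(crafted, "model", binary="echo"))
    print("argv list  :", run_safe(crafted, "model", binary="echo"))
    for bad in ("file:///etc/passwd", "$(id)"):  # constructed inputs
        try:
            build_safe_argv(bad, "model")
        except ValueError as exc:
            print("rejected   :", exc)
```

With the shell path the crafted URL yields two output lines, the second produced by the injected echo, even though the scheme check passes; with the argv path the whole URL, semicolon included, arrives as one argument and no second command runs. If a shell invocation cannot be avoided, shlex.quote(url) is the minimum, but an argument list is the idiomatic fix.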

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package               Affected versions   Patched versions
PaddlePaddle (PyPI)   < 2.6.0             2.6.0

Affected products: 2

Patches: 1
c5f6862d118d

fix wget download (#59957)

1 file changed · +24 −14
  • python/paddle/utils/download.py (+24 −14, modified)
    @@ -21,6 +21,7 @@
     import tarfile
     import time
     import zipfile
    +from urllib.parse import urlparse
     
     import httpx
     
    @@ -196,22 +197,31 @@ def _get_download(url, fullname):
             return False
     
     
    -def _wget_download(url, fullname):
    -    # using wget to download url
    -    tmp_fullname = fullname + "_tmp"
    -    # –user-agent
    -    command = f'wget -O {tmp_fullname} -t {DOWNLOAD_RETRY_LIMIT} {url}'
    -    subprc = subprocess.Popen(
    -        command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
    -    )
    -    _ = subprc.communicate()
    -
    -    if subprc.returncode != 0:
    -        raise RuntimeError(
    -            f'{command} failed. Please make sure `wget` is installed or {url} exists'
    +def _wget_download(url: str, fullname: str):
    +    try:
    +        assert urlparse(url).scheme in (
    +            'http',
    +            'https',
    +        ), 'Only support https and http url'
    +        # using wget to download url
    +        tmp_fullname = fullname + "_tmp"
    +        # –user-agent
    +        command = f'wget -O {tmp_fullname} -t {DOWNLOAD_RETRY_LIMIT} {url}'
    +        subprc = subprocess.Popen(
    +            command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
             )
    +        _ = subprc.communicate()
    +
    +        if subprc.returncode != 0:
    +            raise RuntimeError(
    +                f'{command} failed. Please make sure `wget` is installed or {url} exists'
    +            )
    +
    +        shutil.move(tmp_fullname, fullname)
     
    -    shutil.move(tmp_fullname, fullname)
    +    except Exception as e:  # requests.exceptions.ConnectionError
    +        logger.info(f"Downloading {url} failed with exception {str(e)}")
    +        return False
     
         return fullname
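Review bot: the scheme check at the top of the new _wget_download body does not remove the injection this PR is meant to fix: the command is still built with an f-string and run via subprocess.Popen(command, shell=True, ...), so a URL such as http://example.com/a;id satisfies urlparse(url).scheme in ('http', 'https') and the shell still executes id. Pass an argument list instead, for example subprocess.Popen(['wget', '-O', tmp_fullname, '-t', str(DOWNLOAD_RETRY_LIMIT), url], stdout=subprocess.PIPE, stderr=subprocess.PIPE) with no shell, or at minimum interpolate shlex.quote(url). Two smaller points in the same hunk: assert is removed under python -O, so the scheme check should be an explicit raise; and the new broad except Exception swallows the AssertionError and returns False, so a rejected URL is indistinguishable from a download failure. The comment "# requests.exceptions.ConnectionError" is also stale, since this module imports httpx and this path never uses requests.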
     
    


References: 5
