VYPR
High severity · NVD Advisory · Published Mar 7, 2024 · Updated Feb 13, 2025

CVE-2024-0815

Description

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection vulnerability in PaddlePaddle 2.6.0's _wget_download function allows unauthenticated remote code execution via crafted URLs.

CVE-2024-0815 is a command injection vulnerability in PaddlePaddle (Paddle) version 2.6.0. The bug resides in the paddle.utils.download._wget_download function, which improperly sanitizes user-supplied URLs before passing them to a shell command. Although a filter attempts to restrict URL schemes to http/https, it does not prevent injection of arbitrary shell commands within the URL string. [1][2]

Attackers can exploit this vulnerability without authentication by providing a specially crafted URL to any Paddle feature that triggers a _wget_download call. Since the function uses subprocess.Popen with shell=True, an injected command (e.g., via semicolons or backticks) executes in the context of the Paddle application. The official advisory describes the issue as a command injection with a filter bypass, indicating that the existing validation is insufficient. [2][3]
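The project's own fix (below) removed the wget path entirely. As an added example that is not PaddlePaddle's code, this shows how the same download could be issued without ever handing the URL to a shell: an argv list with shell=False, an explicit http/https scheme check, and a dispatch table that rejects unknown methods with a clear error. Function names are hypothetical, and the value of DOWNLOAD_RETRY_LIMIT is assumed (the page shows only the name).

```python
"""Added example, not PaddlePaddle's code: the wget call rebuilt as an argv
list with shell=False plus an explicit scheme check, so the URL is never
seen by a shell. Function names and the retry value are assumptions."""
import shutil
import subprocess
from urllib.parse import urlparse

DOWNLOAD_RETRY_LIMIT = 3  # assumed value; the page shows only the name
ALLOWED_SCHEMES = ("http", "https")


def validate_url(url: str) -> str:
    """Reject anything that is not an http(s) URL with a host part."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.netloc:
        raise ValueError(f"only http/https URLs are supported: {url!r}")
    return url


def build_wget_argv(url: str, fullname: str) -> list:
    """Build the command as a list. '--' ends option parsing, so a URL
    beginning with '-' cannot be read as a wget option either."""
    validate_url(url)
    return ["wget", "-O", fullname + "_tmp", "-t",
            str(DOWNLOAD_RETRY_LIMIT), "--", url]


def wget_download(url: str, fullname: str) -> str:
    """Run wget without a shell: the URL is a single argv element, so any
    ';' or backticks inside it reach wget verbatim and are never executed."""
    argv = build_wget_argv(url, fullname)
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    if result.returncode != 0:
        raise RuntimeError(f"{argv[0]} failed ({result.returncode}): "
                           f"{result.stderr.strip()}")
    shutil.move(fullname + "_tmp", fullname)
    return fullname


_download_methods = {"wget": wget_download}


def download(url: str, fullname: str, method: str = "wget") -> str:
    """Dispatch by name; an unknown method is a clear ValueError, not KeyError."""
    if method not in _download_methods:
        raise ValueError(f"unknown download method {method!r}; "
                         f"supported: {sorted(_download_methods)}")
    return _download_methods[method](url, fullname)
```

The contrast with the removed function is the absence of an f-string command and of shell=True: quoting is no longer needed because nothing parses the command line.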

Successful exploitation allows an attacker to execute arbitrary OS commands on the system running the vulnerable Paddle version. This can lead to full compromise of the application's host, including data exfiltration, lateral movement within the network, or deployment of further malicious payloads. The CVSS v3.1 base score assigned is 9.8 (Critical), reflecting the severe impact and ease of exploitation over the network. [2]

The PaddlePaddle maintainers have remediated the vulnerability in commit 4c0888d7b8f10405e2e79adc41c224264f93e816, which completely removes the _wget_download function and the associated 'wget' download method. Users are strongly advised to update to a patched version (e.g., later than 2.6.0) or apply the changes from the referenced commit. At the time of publication, no workaround other than updating has been provided, and the vulnerability is being tracked by huntr.dev under bounty ID 83bf8191-b259-4b24-8ec9-0115d7c05350. [3][4]

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: paddlepaddle (PyPI)
Affected versions: <= 2.6.0
Patched versions: (none listed)


Patches

4c0888d7b8f1

remove _wget (#61356)

3 files changed · +2 −52
  • python/paddle/hapi/hub.py  +0 −1  modified
    @@ -117,7 +117,6 @@ def _get_cache_or_reload(repo, force_reload, verbose=True, source='github'):
                 hub_dir,
                 check_exist=not force_reload,
                 decompress=False,
    -            method=('wget' if source == 'gitee' else 'get'),
             )
             shutil.move(fpath, cached_file)
     
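Review bot: dropping `method=('wget' if source == 'gitee' else 'get')` silently changes how the gitee source is fetched, since it now falls through to the default `get` method; the commit message "remove _wget (#61356)" does not say whether gitee archives download correctly over that path, so add a sentence to the PR description or a test covering `source='gitee'` before merging.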
    
  • python/paddle/utils/download.py  +1 −37  modified
    @@ -15,14 +15,11 @@
     import hashlib
     import os
     import os.path as osp
    -import shlex
     import shutil
    -import subprocess
     import sys
     import tarfile
     import time
     import zipfile
    -from urllib.parse import urlparse
     
     import httpx
     
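Review bot: removing `shlex`, `subprocess` and `urlparse` is consistent with deleting `_wget_download`, but `urlparse` also backed the only URL-scheme check visible in this diff; confirm that `_get_download` (the remaining httpx path) restricts schemes to http/https itself, or add that check at the `_download` entry point so the removal does not loosen validation.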
    @@ -198,40 +195,7 @@ def _get_download(url, fullname):
             return False
     
     
    -def _wget_download(url: str, fullname: str):
    -    try:
    -        assert urlparse(url).scheme in (
    -            'http',
    -            'https',
    -        ), 'Only support https and http url'
    -        # using wget to download url
    -        tmp_fullname = shlex.quote(fullname + "_tmp")
    -        url = shlex.quote(url)
    -        # –user-agent
    -        command = f'wget -O {tmp_fullname} -t {DOWNLOAD_RETRY_LIMIT} {url}'
    -        subprc = subprocess.Popen(
    -            command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
    -        )
    -        _ = subprc.communicate()
    -
    -        if subprc.returncode != 0:
    -            raise RuntimeError(
    -                f'{command} failed. Please make sure `wget` is installed or {url} exists'
    -            )
    -
    -        shutil.move(tmp_fullname, fullname)
    -
    -    except Exception as e:  # requests.exceptions.ConnectionError
    -        logger.info(f"Downloading {url} failed with exception {str(e)}")
    -        return False
    -
    -    return fullname
    -
    -
    -_download_methods = {
    -    'get': _get_download,
    -    'wget': _wget_download,
    -}
    +_download_methods = {'get': _get_download}
     
     
     def _download(url, path, md5sum=None, method='get'):
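Review bot: `_download` (last context line) still takes `method='get'` as a free-form string while `'wget'` is no longer a key in `_download_methods`, so a caller that still passes `method='wget'` will get whatever the dict lookup produces; raise a `ValueError` naming the supported methods instead, and update the `_download` docstring if it still lists `wget`. Removing the function outright is the right fix here: it built `command` as an f-string and ran it with `shell=True`, and the advisory text states the `shlex.quote` plus scheme-assert filter was bypassable, so there was no safe way to keep the shell invocation.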
    
  • test/legacy_test/test_download.py  +1 −14  modified
    @@ -120,14 +120,6 @@ def test_retry_exception(
                     './test',
                 )
     
    -    def test_wget_download_error(
    -        self,
    -    ):
    -        with self.assertRaises(RuntimeError):
    -            from paddle.utils.download import _download
    -
    -            _download('www.baidu', './test', method='wget')
    -
         def test_download_methods(
             self,
         ):
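Review bot: `test_wget_download_error` is deleted but nothing replaces it; add a test asserting that `_download('www.baidu', './test', method='wget')` now raises (whatever error the dispatch produces after this change), so the removed code path cannot be reintroduced without a test failing.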
    @@ -136,14 +128,9 @@ def test_download_methods(
                 "https://paddle-hapi.bj.bcebos.com/unittest/files.zip",
             ]
     
    -        import sys
    -
             from paddle.utils.download import _download
     
    -        if sys.platform == 'linux':
    -            methods = ['wget', 'get']
    -        else:
    -            methods = ['get']
    +        methods = ['get']
     
             for url in urls:
                 for method in methods:
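Review bot: dropping `import sys` is correct now that `sys.platform` is no longer consulted, but `methods = ['get']` leaves a one-element loop over `for method in methods:`; either simplify the loop away or keep it with a comment that it is retained for future methods. Unchanged but worth noting: the test still fetches the live `https://paddle-hapi.bj.bcebos.com/unittest/files.zip` URL, so it depends on network access.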
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
