CVE-2024-0817
Description
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in PaddlePaddle's IrGraph.draw function allows arbitrary OS command execution via crafted dot file paths.
Vulnerability
CVE-2024-0817 describes a command injection vulnerability in the IrGraph.draw method of PaddlePaddle 2.6.0. The root cause lies in the _convert_to_pdf helper function, which previously used subprocess.call with shell=True to execute the dot command. It constructed the command by directly concatenating the dot_file_path variable into a shell string, without sanitizing or validating the input [3].
Exploitation
An attacker who can control the save_path parameter (or influence the file path passed to draw) can inject arbitrary shell commands. Because the dot_file_path is derived from the user-supplied save_path and is inserted into a shell command without escaping, an attacker can append shell metacharacters (e.g., semicolons, pipes, backticks) to execute arbitrary OS commands on the system running the PaddlePaddle model visualization [3][4].
Impact
Successful exploitation could allow an attacker to execute arbitrary commands on the host system with the privileges of the PaddlePaddle process. This could lead to data exfiltration, installation of malware, lateral movement within the network, or denial of service. The vulnerability has a CVSS base score of 8.8 (High) per NVD [2].
Mitigation
The vulnerability is patched in PaddlePaddle commit bdf6234fdc22e6ee7948950d271cbbe1d27edc93, which changed the subprocess.call invocation to use a command list (['dot', '-Tpdf', dot_file_path, '-o', pdf_save_path]) instead of a shell string with shell=True, thereby preventing command injection [3]. Users should update to a version containing this fix or apply the patch.
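As an added illustration, not PaddlePaddle's own code, the following shows the patched argument-list form of the dot call next to an input check that a caller of draw could apply to the name that becomes the .dot path; the helper names, the allow-list pattern and the directory check are assumptions of this example, not part of the fix commit.

```python
import os
import re
import subprocess
from pathlib import Path

# Assumed allow-list for the graph name: letters, digits, dot, dash, underscore.
# Shell metacharacters and path separators never match, so they are rejected
# before any path is built (defence in depth on top of the list-form call).
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")


def safe_dot_path(save_dir: str, name: str) -> str:
    """Build '<save_dir>/<name>.dot' from a trusted directory plus a validated name.

    Rejects names with characters outside the allow-list, names made only of
    dots, and any result that would not land directly inside save_dir.
    """
    if not _SAFE_NAME.match(name) or not name.strip("."):
        raise ValueError(f"unsafe graph name: {name!r}")
    base = Path(save_dir).resolve()
    target = (base / f"{name}.dot").resolve()
    if target.parent != base:
        raise ValueError("dot file path escapes the save directory")
    return str(target)


def dot_argv(dot_file_path: str) -> list:
    """argv for Graphviz in the fixed (argument-list) form.

    No shell is involved, so each element reaches dot as one literal argument:
    a path containing ';' or '|' stays a single argv entry instead of being
    parsed by /bin/sh as it was with shell=True.
    """
    pdf_save_path = os.path.splitext(dot_file_path)[0] + ".pdf"
    return ["dot", "-Tpdf", dot_file_path, "-o", pdf_save_path]


def convert_to_pdf(dot_file_path: str) -> int:
    """Run dot the way the patch does: list argv, shell=False (the default)."""
    return subprocess.call(dot_argv(dot_file_path))
```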
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| paddlepaddle (PyPI) | <= 2.6.0 | — |
Affected products
- paddlepaddle/paddlepaddle/paddle (v5): range unspecified
Patches
bdf6234fdc22 [Security] fix draw security problem (#61161)
1 file changed · +1 −2
python/paddle/base/framework.py+1 −2 modified@@ -5655,8 +5655,7 @@ def draw(self, save_path, name, marked_nodes=None, remove_ctr_var=True): def _convert_to_pdf(dot_file_path): pdf_save_path = os.path.splitext(dot_file_path)[0] + '.pdf' exited_code = subprocess.call( - 'dot -Tpdf ' + dot_file_path + ' -o ' + pdf_save_path, - shell=True, + ['dot', '-Tpdf', dot_file_path, '-o', pdf_save_path] ) if exited_code != 0: print('The dot command is needed for creating pdf files.')
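Review bot: the argument-list form on the `+` line is the right fix, since subprocess hands each element to dot verbatim and no shell ever parses dot_file_path; two follow-ups on the unchanged context around it: `exited_code` reads as a typo for `exit_code`, and a non-zero result only prints 'The dot command is needed for creating pdf files.' and continues, so a caller of draw cannot tell that no PDF was written, and a missing dot binary looks the same as a failed conversion. Consider raising (e.g. `raise RuntimeError(...)`) or returning the exit code to the caller.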
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References