VYPR
Critical severity · NVD Advisory · Published Mar 7, 2024 · Updated Feb 13, 2025

CVE-2024-0818

Description

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in PaddlePaddle before 2.6 allows arbitrary file overwrite via the `download` function.

Root Cause

The vulnerability is in the download function in python/paddle/dataset/common.py. Prior to version 2.6 neither the module_name nor the save_name parameter was sanitized, so traversal sequences such as ../ passed straight through into os.path.join(DATA_HOME, module_name) and the resulting save path. An attacker controlling either parameter could make the function write the downloaded content outside DATA_HOME, overwriting any file the process is allowed to write [2][3].

Exploitation

Exploitation requires only that the attacker supply a module_name or save_name value containing path traversal components. The overwritten file receives whatever the url argument fetches, so an attacker who also controls url chooses the content; otherwise the target is clobbered with the legitimate download. No authentication is involved at the library level; reachability depends on the application passing user-controlled values into download, which happens wherever callers let users choose dataset or model names or save paths. Because PaddlePaddle is a widely used deep learning framework, the number of such callers is large [1].

Impact

Successful exploitation lets an attacker overwrite any file writable by the process running PaddlePaddle, such as configuration files, Python modules or shared libraries loaded later, shell startup files, or, if the process runs as root, system binaries. Depending on the target this yields code execution, data corruption, or persistent compromise of the affected environment. The advisory is rated Critical severity [2].

Mitigation

The fix was released with PaddlePaddle 2.6 (commit 5c50d1a8b97b, PR #61162). It adds regular-expression validation for both parameters: module_name must consist only of ASCII letters, digits, underscore, hyphen and slash, and save_name is additionally allowed a dot but may not contain the sequence .. [3]. Users should upgrade to a release that contains this commit. Note, however, that the affected-package data from the GitHub Security Advisory below lists 2.6.0 as affected with no patched version, so confirm that the check is present in python/paddle/dataset/common.py rather than relying on the version number alone. For installations that cannot be upgraded, the only mitigation is for calling code to validate or hard-code module_name and save_name before they reach download.
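The following Python example is added here to illustrate the root cause and the fix; it is not code from PaddlePaddle or from this advisory. DATA_HOME, the helper functions and the sample inputs are assumptions modelled on the visible signature download(url, module_name, md5sum, save_name=None) and the line dirname = os.path.join(DATA_HOME, module_name) in the patch; that save_name is joined onto dirname is likewise an assumption. It computes the destination path three ways: with no validation (the pre-fix behaviour), with the exact regular expressions from the fix commit, and with a stricter allow-list plus a realpath containment check, and reports which inputs each one lets escape the data directory. It goes beyond the CVE description in one respect: it shows that the fix's patterns admit a leading slash, which os.path.join treats as an absolute path.

```python
import os
import re
import tempfile

# Constructed stand-in for PaddlePaddle's DATA_HOME cache directory (an
# assumption for this example; the real value lives in the library).
DATA_HOME = os.path.join(tempfile.gettempdir(), "paddle_data_home_example")

# Patterns transcribed from fix commit 5c50d1a8b97b, for comparison only.
MODULE_RE_FIX = re.compile(r"^[a-zA-Z0-9_/\-]+$")
SAVE_RE_FIX = re.compile(r"^(?:(?!\.\.)[a-zA-Z0-9_/\.-])+$")

# Stricter allow-lists used by the hardened variant below (added here, not
# upstream): no leading slash in module_name, no slash at all in save_name.
MODULE_RE_STRICT = re.compile(r"[A-Za-z0-9_\-]+(?:/[A-Za-z0-9_\-]+)*")
SAVE_RE_STRICT = re.compile(r"[A-Za-z0-9_\-][A-Za-z0-9_.\-]*")


def target_path_unpatched(module_name, save_name):
    """Destination path as computed before the fix: no validation at all.

    Joining save_name onto dirname models the write location; the real
    function's later code is not shown on the advisory page."""
    dirname = os.path.join(DATA_HOME, module_name)
    return os.path.join(dirname, save_name)


def target_path_regex_only(module_name, save_name):
    """Destination path with the regex checks from the fix applied verbatim.

    Mirrors the patch, including its failure mode: re.match returns None for
    a non-matching value, so .group() raises AttributeError."""
    module_name = MODULE_RE_FIX.match(module_name).group()
    save_name = SAVE_RE_FIX.match(save_name).group()
    dirname = os.path.join(DATA_HOME, module_name)
    return os.path.join(dirname, save_name)


def target_path_hardened(module_name, save_name):
    """Hardened variant: allow-list the characters, forbid absolute
    components, then confirm the resolved path is still inside DATA_HOME."""
    if not MODULE_RE_STRICT.fullmatch(module_name):
        raise ValueError("invalid module_name: %r" % (module_name,))
    if not SAVE_RE_STRICT.fullmatch(save_name):
        raise ValueError("invalid save_name: %r" % (save_name,))
    root = os.path.realpath(DATA_HOME)
    candidate = os.path.realpath(os.path.join(root, module_name, save_name))
    # Containment check: the only acceptable common prefix is DATA_HOME itself.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes DATA_HOME: %r" % (candidate,))
    return candidate


def escapes_data_home(path):
    """True when the resolved path lies outside DATA_HOME."""
    root = os.path.realpath(DATA_HOME)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def outcome(builder, module_name, save_name):
    """Run a path builder and report ("ok", path) or ("error", exception name)."""
    try:
        return ("ok", builder(module_name, save_name))
    except Exception as exc:
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    # Constructed inputs: one benign dataset-style pair and two traversal attempts.
    samples = [
        ("imdb", "aclImdb_v1.tar.gz"),              # benign
        ("../../../../../../etc", "cron.d/evil"),   # classic ../ traversal
        ("/etc", "cron.d/evil"),                    # leading slash, no ".." at all
    ]
    for builder in (target_path_unpatched, target_path_regex_only, target_path_hardened):
        for module_name, save_name in samples:
            status, result = outcome(builder, module_name, save_name)
            escaped = status == "ok" and escapes_data_home(result)
            print("%-24s %-26s %-6s escapes=%-5s %s"
                  % (builder.__name__, module_name, status, escaped, result))
```

Running the script prints one line per builder and input. The unpatched builder lets both traversal inputs escape; the fix's regexes stop the ../ input (with an AttributeError rather than a clean error) but accept the /etc input, because the character class permits / and os.path.join discards DATA_HOME when the next component is absolute; the hardened builder rejects both and, as a backstop, re-checks the resolved path against the resolved DATA_HOME so that a symlink or a future relaxation of the pattern still cannot redirect the write.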

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: paddlepaddle (PyPI)
Affected versions: <= 2.6.0
Patched versions: none listed

Affected products: 2

Patches: 1
5c50d1a8b97b

[Security] fix download security problem (#61162)

https://github.com/PaddlePaddle/Paddle · wanghuancoder · Jan 31, 2024 · via ghsa
1 file changed · +6 -0
  • python/paddle/dataset/common.py  +6 -0  modified
    @@ -18,6 +18,7 @@
     import importlib
     import os
     import pickle
    +import re
     import shutil
     import sys
     import tempfile
    @@ -71,6 +72,11 @@ def md5file(fname):
     
     
     def download(url, module_name, md5sum, save_name=None):
    +    module_name = re.match("^[a-zA-Z0-9_/\\-]+$", module_name).group()
    +    if isinstance(save_name, str):
    +        save_name = re.match(
    +            "^(?:(?!\\.\\.)[a-zA-Z0-9_/\\.-])+$", save_name
    +        ).group()
         dirname = os.path.join(DATA_HOME, module_name)
         if not os.path.exists(dirname):
             os.makedirs(dirname)
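Review bot: the module_name pattern `^[a-zA-Z0-9_/\\-]+$` still admits a leading `/`, and the unchanged `dirname = os.path.join(DATA_HOME, module_name)` on the next line discards DATA_HOME when module_name is absolute, so a value such as `/etc/cron.d` passes the new check and still resolves outside the data directory; the save_name pattern admits `/` in the same way, so the same consideration applies wherever save_name is later joined onto dirname. Suggest rejecting a leading slash (for example `^[a-zA-Z0-9_\\-]+(?:/[a-zA-Z0-9_\\-]+)*$`) and, as a backstop, comparing `os.path.realpath` of the final target against `os.path.realpath(DATA_HOME)` before anything is written. Separately, `re.match(...).group()` raises `AttributeError` for a non-matching value because `re.match` returns None, so rejected input surfaces as an unrelated exception; an explicit `if not re.fullmatch(...): raise ValueError(...)` would give callers a clear error and would also avoid the `$`-before-trailing-newline behaviour of `^...$` with `re.match`.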
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 4

News mentions: 0

No linked articles in our index yet.