High severityNVD Advisory· Published Mar 23, 2024· Updated Feb 13, 2025
confirmed
CVE-2024-1603
Description
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
paddlepaddlePyPI | <= 2.6.0 | — |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-jwrc-3v3f-5cq5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-1603ghsaADVISORY
- github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.pyghsaWEB
- github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.pyghsaWEB
- huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929eghsaWEB
News mentions
0No linked articles in our index yet.