VYPR

High severity · NVD Advisory · Published Mar 23, 2024 · Updated Feb 13, 2025
Status: confirmed

CVE-2024-1603

Description

paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

PaddlePaddle 2.6.0's paddle.vision.ops.read_file lacks input validation, allowing arbitrary file read on the server.

Vulnerability

Overview

The vulnerability in paddlepaddle/paddle version 2.6.0 stems from the function paddle.vision.ops.read_file which does not properly validate the path provided as input. This function, located in python/paddle/vision/ops.py around line 1262, directly passes a user-supplied file path to a file-reading operation without checking for path traversal components like ../ or ensuring the path stays within an allowed directory [3][4].

Exploitation

An attacker can exploit this flaw by providing a crafted file path that traverses the filesystem directory structure. For example, a path such as ../../etc/passwd would cause the function to read sensitive system files. The attack requires no authentication and no special network position; the attack surface is any application or scenario where an attacker can influence the argument passed to read_file. This is a classic path traversal vulnerability [2].

Impact

Successful exploitation allows an attacker to read arbitrary files from the server filesystem that the PaddlePaddle process has access to. In a typical deployment, this could include sensitive configuration files, credentials, source code, or other confidential data, leading to information disclosure and potential further compromise of the system [1][2].

Mitigation

As of the publication date, users of PaddlePaddle 2.6.0 are advised to apply any patches released by the vendor. The vulnerability was reported through a bug bounty program (huntr.dev) and a fix may be available in newer versions of the framework. Users should update to a patched version or apply input validation on any user-supplied paths before passing them to read_file as a workaround [1][2].
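A containment check of the kind the workaround above describes, as an added example that is not PaddlePaddle's own code: the wrapper resolves the user-supplied path against an allowed base directory and rejects anything that escapes it (via `..`, an absolute path, or a symlink) before the path reaches a reader. The `reader` argument is a stand-in for paddle.vision.ops.read_file (an assumption, so the block runs without PaddlePaddle installed), and the directory and file names are constructed.

```python
import os
import tempfile
from pathlib import Path


def resolve_within(base_dir: str, user_path: str) -> Path:
    """Return user_path anchored inside base_dir, or raise ValueError."""
    if os.path.isabs(user_path):
        raise ValueError(f"absolute paths are not allowed: {user_path!r}")
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    # Compare resolved paths, not raw strings: a string check would miss
    # "..", symlinks that point outside, and platform-specific separators.
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return candidate


def safe_read_file(base_dir: str, user_path: str, reader=None) -> bytes:
    """Validate first, then hand the resolved path to the reader.

    `reader` is a stand-in for paddle.vision.ops.read_file (assumption: any
    callable that takes a filesystem path); the default reads raw bytes.
    """
    path = resolve_within(base_dir, user_path)
    if reader is None:
        reader = lambda p: Path(p).read_bytes()
    return reader(str(path))


def demo() -> dict:
    """Constructed scenario: one allowed image directory, four requests."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        images = Path(tmp) / "images"
        images.mkdir()
        (images / "cat.png").write_bytes(b"\x89PNG fake image bytes")
        secret = Path(tmp) / "secret.txt"       # lives outside images/
        secret.write_text("db password")
        (images / "link").symlink_to(secret)    # symlink escaping images/
        results["cat.png"] = safe_read_file(str(images), "cat.png")
        for bad in ("../secret.txt", "link", "/etc/passwd"):
            try:
                safe_read_file(str(images), bad)
                results[bad] = "read"
            except ValueError:
                results[bad] = "rejected"
    return results
```

Only the in-directory request is served; the traversal, symlink and absolute-path requests all raise before any file is opened.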

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package              Affected versions   Patched versions
paddlepaddle (PyPI)  <= 2.6.0            none listed

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 5

News mentions: 0 (no linked articles in our index yet)