Medium severity5.3NVD Advisory· Published Mar 12, 2025· Updated Apr 15, 2026

CVE-2024-27763

Description

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
basicsrPyPI	<= 1.4.2	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-86w8-vhw6-q9qqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-27763ghsaADVISORY
gist.github.com/aydinnyunus/40e1d8a3b529261ae654ff4891f1e192nvdWEB
github.com/XPixelGroup/BasicSR/blob/master/basicsr/utils/dist_util.pynvdWEB

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000