CVE-2022-45907 (High) detected in torch-1.12.1-cp37-cp37m-manylinux1_x86_64.whl, torch-1.13.0-cp37-cp37m-manylinux1_x86_64.whl - autoclosed #49
Labels: "Mend: dependency security vulnerability" (Security vulnerability detected by Mend)
CVE-2022-45907 - High Severity Vulnerability
Vulnerable Libraries - torch-1.12.1-cp37-cp37m-manylinux1_x86_64.whl, torch-1.13.0-cp37-cp37m-manylinux1_x86_64.whl
torch-1.12.1-cp37-cp37m-manylinux1_x86_64.whl
Tensors and Dynamic neural networks in Python with strong GPU acceleration
Library home page: https://files.pythonhosted.org/packages/b9/af/23c13cd340cd333f42de225ba3da3b64e1a70425546d1a59bfa42d465a5d/torch-1.12.1-cp37-cp37m-manylinux1_x86_64.whl
Path to dependency file: /tmp/ws-scm/opensearch-py-ml
Path to vulnerable library: /tmp/ws-scm/opensearch-py-ml
Dependency Hierarchy:
torch-1.13.0-cp37-cp37m-manylinux1_x86_64.whl
Tensors and Dynamic neural networks in Python with strong GPU acceleration
Library home page: https://files.pythonhosted.org/packages/7a/fb/b1b11ae95ffa7099ca2e60ed5945e56130cc8740208f42aa77f17e03ab3c/torch-1.13.0-cp37-cp37m-manylinux1_x86_64.whl
Path to dependency file: /tmp/ws-scm/opensearch-py-ml
Path to vulnerable library: /tmp/ws-scm/opensearch-py-ml,/requirements.txt,/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: f353dfaa038f1c153b1ca1966477dcbb72eb98dd
Found in base branch: main
Vulnerability Details
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
Publish Date: 2022-11-26
URL: CVE-2022-45907
CVSS 3 Score Details (9.8)
Base Score Metrics: