What the vulnerability does
01Description
Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0
CVSS base score
9.3/10
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
March 7, 2024
CVE published
February 13, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-6091 Shell Command Denylist Bypass in significant-gravitas/autogpt
CVE-2023-30806 Sangfor Next-Gen Application Firewall PHPSESSID Command Injection
CVE-2025-3362 HGiga iSherlock - OS Command Injection
CVE-2024-2851 Tenda AC15 setsambacfg formSetSambaConf os command injection
CVE-2021-32533 QSAN SANOS - Command Injection
