GHSA-qqv2-35q8-p2g2

GitHub Security Advisory

PaddlePaddle command injection in paddle.utils.download._wget_download

✓ GitHub Reviewed HIGH Has CVE

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0

PyPI paddlepaddle

Affected versions: 0 (last affected: 2.6.0)

CVE-2024-0815

GHSA ID

GHSA-qqv2-35q8-p2g2

Published

March 7, 2024 6:30 AM

Last Modified

January 21, 2025 6:20 PM

CVSS Score

7.5 /10

Primary Ecosystem

PyPI

Primary Package

paddlepaddle

GitHub Reviewed

✓ Yes

Last updated: July 7, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.