未验证 提交 a5b3a65a 编写于 作者: V Vigi Zhang 提交者: GitHub

assign cve number to pdsa, test=document_fix (#48846)

上级 e677b5e5
## PDSA-2022-001: OOB read in gather_tree ## PDSA-2022-001: OOB read in gather_tree
### CVE Number
CVE-2022-46741
### Impact ### Impact
The PoC is as follows: The PoC is as follows:
......
## PDSA-2022-001: OOB read in gather_tree ## PDSA-2022-001: OOB read in gather_tree
### CVE编号
CVE-2022-46741
### 影响 ### 影响
PoC如下: PoC如下:
......
## PDSA-2022-002: Code injection in paddle.audio.functional.get_window ## PDSA-2022-002: Code injection in paddle.audio.functional.get_window
### CVE Number
CVE-2022-46742
### Impact ### Impact
`paddle.audio.functional.get_windowis` vulnerable to a code injection as it calls `eval` on user supplied `winstr`. This may lead to arbitrary code execution. `paddle.audio.functional.get_windowis` vulnerable to a code injection as it calls `eval` on user supplied `winstr`. This may lead to arbitrary code execution.
......
## PDSA-2022-002: Code injection in paddle.audio.functional.get_window ## PDSA-2022-002: Code injection in paddle.audio.functional.get_window
### CVE编号
CVE-2022-46742
### 影响 ### 影响
`paddle.audio.functional.get_window`由于使用`eval`用户提供的参数`winstr`而存在代码注入漏洞,将导致任意代码执行。 `paddle.audio.functional.get_window`由于使用`eval`用户提供的参数`winstr`而存在代码注入漏洞,将导致任意代码执行。
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册