PYSEC-2022-43015
Details
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
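One way to validate a type comment before anything in it is evaluated, as an added example (not PyTorch's code and not the change made in the referenced commit). The allowlist, the function names and the sample lines are assumptions, and `ast.unparse` requires Python 3.9 or later.

```python
import ast

# Assumption: names a type comment may legitimately reference (illustrative allowlist).
ALLOWED_NAMES = {"int", "float", "bool", "str", "Tensor", "List", "Dict",
                 "Tuple", "Optional", "torch", "typing"}
ALLOWED_NODES = (ast.Expression, ast.Name, ast.Load, ast.Subscript, ast.Tuple,
                 ast.List, ast.Attribute, ast.Constant)


class UnsafeTypeComment(ValueError):
    """Raised when a type comment contains anything other than plain type syntax."""


def check_type_expr(src):
    """Parse src as an expression and reject calls, lambdas, literals, unknown names."""
    try:
        tree = ast.parse(src.strip(), mode="eval")
    except SyntaxError as exc:
        raise UnsafeTypeComment(f"not an expression: {src!r}") from exc
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise UnsafeTypeComment(f"{type(node).__name__} not allowed in {src!r}")
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            raise UnsafeTypeComment(f"unknown name {node.id!r}")
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise UnsafeTypeComment(f"private attribute {node.attr!r}")
        if isinstance(node, ast.Constant) and node.value not in (None, Ellipsis):
            raise UnsafeTypeComment(f"literal {node.value!r} not allowed")
    return tree


def parse_type_line_checked(line):
    """Split '# type: (A, B) -> R' and validate both sides without evaluating them."""
    text = line.strip()
    if not text.startswith("# type:") or "->" not in text:
        raise UnsafeTypeComment("not a function type comment")
    args_src, ret_src = text[len("# type:"):].rsplit("->", 1)
    body = check_type_expr(args_src).body
    elts = body.elts if isinstance(body, ast.Tuple) else [body]
    return [ast.unparse(e) for e in elts], ast.unparse(check_type_expr(ret_src).body)


if __name__ == "__main__":
    # Constructed samples: the second smuggles a call into the type comment.
    print(parse_type_line_checked("# type: (int, List[str]) -> bool"))
    try:
        parse_type_line_checked("# type: (print('x')) -> int")
    except UnsafeTypeComment as exc:
        print("rejected:", exc)
```

The validated strings can then be resolved through a fixed name-to-type mapping, so no part of the comment ever reaches `eval`.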
Affected packages
PyPI / torch
Introduced in: 0
Fixed in: 767f6aa49fe20a2766b9843d01e3b7f7793df6a3
Fix
pip install --upgrade 'torch>=767f6aa49fe20a2766b9843d01e3b7f7793df6a3'
References
- https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3 [FIX]
- https://github.com/pytorch/pytorch/issues/88868 [EVIDENCE]
- https://github.com/pytorch/pytorch/issues/88868 [REPORT]
- https://github.com/pytorch/pytorch/issues/88868 [FIX]
- https://github.com/advisories/GHSA-47fc-vmwq-366v [ADVISORY]