Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-46742
CVE-2022-46742:
Python vulnerability analysis and mitigation
Overview
CVE-2022-46742 is a code injection vulnerability discovered in the paddle.audio.functional.get_window function of PaddlePaddle framework. The vulnerability was identified by Tong Liu of ShanghaiTech University and was patched in PaddlePaddle 2.4 (Paddle Advisory).
Technical details
The vulnerability exists in the get_window function where it calls eval on user-supplied winstr parameter without proper validation. The vulnerability is classified as CWE-94 (Code Injection) (NVD CNA Status). The CVSS v3.1 base score is rated as Critical with metrics including Network attack vector, Low attack complexity, No privileges required, and No user interaction needed (NVD CVSS).
Impact
Successful exploitation of this vulnerability could lead to arbitrary code execution on the affected system. The vulnerability affects the integrity and availability of the system with high impact levels (NVD CVSS).
Mitigation and workarounds
The vulnerability has been patched in commit 26c419ca386aeae3c461faf2b828d00b48e908eb and the fix is included in PaddlePaddle version 2.4. Users are advised to upgrade to this version or later (Paddle Advisory).
Additional resources
Source: This report was generated using AI
Related Python vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management