We use cookies to improve your experience on our site.
AVID-2026-R1043
Description
Vulnerability CVE-2022-31523
Details
The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Reason for inclusion in AVID: The CVE describes a security vulnerability (absolute path traversal) in an AI-related repository (PaddlePaddle/Anakin) that could impact AI deployments and model-serving workflows. It affects a component used in AI software stacks, making it relevant to the general-purpose AI supply chain. The issue is a CVE with documented references, providing sufficient signal for curation.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-07-11
- Version: 0.3.3
- AVID Entry