AVID-2026-R1166
Description
Vulnerability CVE-2022-45907
Details
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
Reason for inclusion in AVID: CVE-2022-45907 describes an arbitrary code execution vulnerability in PyTorch (torch.jit.annotations.parse_type_line) due to unsafe use of eval. PyTorch is a core AI/ML framework and is widely used to build/train/deploy general-purpose AI systems. This is a software vulnerability in a dependency used in AI stacks, i.e., a software supply-chain issue, not hardware/firmware alone.
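As an added illustration of the bug class named above and one defensive alternative (this is constructed example code, not PyTorch's parser or the fix in the referenced commit): a minimal type-comment parser in the vulnerable style, which hands the comment text to `eval`, beside a hardened version that parses the comment into an AST, rejects every node that is not part of a type expression, and evaluates only that validated tree with builtins removed. `Tensor`, `TYPE_ENV` and the function names are assumptions made for the example.

```python
import ast
from typing import Any, Dict, List, Optional, Tuple
class Tensor:  # stand-in for torch.Tensor so this runs without PyTorch (constructed)
    pass

# Names a type comment may resolve to (constructed allow-list environment).
TYPE_ENV: Dict[str, Any] = {"Tensor": Tensor, "int": int, "List": List, "Optional": Optional}
# AST node types that make up a type expression: names, dotted names,
# subscripts such as List[int], tuples and string forward references.
_ALLOWED = (ast.Expression, ast.Name, ast.Attribute, ast.Subscript, ast.Tuple, ast.Constant, ast.Load)

def split_type_line(line: str) -> Tuple[str, str]:
    """Split '# type: (A, B) -> C' into the argument and return source strings."""
    body = line.strip().lstrip("#").strip()
    if not body.startswith("type:") or "->" not in body:
        raise ValueError(f"not a type comment: {line!r}")
    args_src, _, ret_src = body[len("type:"):].partition("->")
    return args_src.strip(), ret_src.strip()

def parse_type_line_unsafe(line: str, env: Dict[str, Any]):
    """Vulnerable pattern: comment text goes straight to eval with full builtins,
    so any Python expression written into a type comment is executed."""
    args_src, ret_src = split_type_line(line)
    return eval(args_src, dict(env)), eval(ret_src, dict(env))

def _validated_tree(src: str) -> ast.Expression:
    """Parse src and reject any node outside the type-expression grammar, so
    calls, lambdas, comprehensions and operators never reach eval."""
    tree = ast.parse(src, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise ValueError(f"{type(node).__name__} not allowed in type {src!r}")
    return tree

def parse_type_line_safe(line: str, env: Dict[str, Any]) -> Tuple[tuple, Any]:
    """Hardened variant: only the validated AST is compiled and evaluated, with
    builtins removed, so names resolve solely from the allow-list env."""
    args_src, ret_src = split_type_line(line)
    no_builtins = {"__builtins__": {}}
    args = eval(compile(_validated_tree(args_src), "<type>", "eval"), no_builtins, dict(env))
    ret = eval(compile(_validated_tree(ret_src), "<type>", "eval"), no_builtins, dict(env))
    return (args if isinstance(args, tuple) else (args,)), ret

def is_safe_type_line(line: str) -> bool:
    """True only if the line parses under the hardened rules (used for accept/reject checks)."""
    try:
        parse_type_line_safe(line, TYPE_ENV)
        return True
    except (ValueError, SyntaxError, NameError):
        return False
```

The hardened parser still resolves ordinary annotations such as `List[int]` or `Optional[Tensor]`, but a comment containing a call, operator or unknown name is rejected before anything is evaluated.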
References
- NVD entry
- https://github.com/pytorch/pytorch/issues/88868
- https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-11-26
- Version: 0.3.3
- AVID Entry