Possible Arbitrary code execution bug.

Open d3m0n-r00t opened this issue 5 years ago • 5 comments

New Issue Checklist

Issue Description

Possibility of arbitrary code execution in tensorlayer.

Issue problem and fix explained here (https://github.com/418sec/tensorlayer/pull/1)

d3m0n-r00t, Jan 31 '21 07:01

@zsdonghao @Laicheng0830 Did you have any chance to look at it? If it is a valid vulnerability in the context of tensorlayer, we (at Snyk) would like to add it to our vulnerability db.

gurshafriri, Feb 10 '21 15:02

@zsdonghao Any comments on this?????

d3m0n-r00t, Feb 18 '21 08:02

@d3m0n-r00t This is a potential security hole, you can fix it with Pull requests.

Laicheng0830, Feb 18 '21 08:02

@Laicheng0830 I have created a fix with huntr. Please find the fix here (https://github.com/418sec/tensorlayer/pull/1).

d3m0n-r00t, Feb 19 '21 05:02

Attaching the original disclosure for reference:

https://github.com/418sec/huntr/pull/1791 and https://www.huntr.dev/bounties/1-pip-tensorlayer/

JamieSlome, Feb 19 '21 07:02