Skip to content

Possible Arbitrary code execution bug. #1116

New issue
New issue
Open
Open
Possible Arbitrary code execution bug.#1116
@d3m0n-r00t

Description

@d3m0n-r00t
d3m0n-r00t
opened on Jan 31, 2021

New Issue Checklist

  • I have read the Contribution Guidelines
    I searched for existing GitHub issues

Issue Description

Possibility of arbitrary code execution in tensorlayer.

Issue problem and fix explained here (418sec#1)

Activity

gurshafriri

gurshafriri commented on Feb 10, 2021

@gurshafriri
gurshafriri
on Feb 10, 2021

@zsdonghao @Laicheng0830 Did you have any chance to look at it?
If it is a valid vulnerability in the context of tensorlayer we (at Snyk would like to add it to our vulnerability db

d3m0n-r00t

d3m0n-r00t commented on Feb 18, 2021

@d3m0n-r00t
d3m0n-r00t
on Feb 18, 2021
Author

@zsdonghao Any comments on this?????

Laicheng0830

Laicheng0830 commented on Feb 18, 2021

@Laicheng0830
Laicheng0830
on Feb 18, 2021
Member

@d3m0n-r00t This is a potential security hole, you can fix it with Pull requests.

d3m0n-r00t
mentioned this on Feb 19, 2021
d3m0n-r00t

d3m0n-r00t commented on Feb 19, 2021

@d3m0n-r00t
d3m0n-r00t
on Feb 19, 2021
Author

@Laicheng0830
I have created a fix with huntr. Please find the fix here (418sec#1).

JamieSlome
mentioned this on Feb 19, 2021
JamieSlome

JamieSlome commented on Feb 19, 2021

@JamieSlome
JamieSlome
on Feb 19, 2021 · edited by JamieSlome

Attaching the original disclosure for reference:

418sec/huntr#1791 and https://www.huntr.dev/bounties/1-pip-tensorlayer/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @Laicheng0830@d3m0n-r00t@gurshafriri@JamieSlome

        Issue actions
          Possible Arbitrary code execution bug. · Issue #1116 · tensorlayer/TensorLayer