Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DEBIAN12-PYTORCH-3149886
- published 27 Nov 2022
- disclosed 26 Nov 2022
How to fix?
pytorch to version 1.13.1+dfsg-1 or higher.
Note: Versions mentioned in the description apply only to the upstream
pytorch package and not the
pytorch package as distributed by
How to fix? for
Debian:12 relevant fixed versions and status.
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.