RSS   Vulnerabilities for 'Sockeye'   RSS

2021-12-08
 
CVE-2021-43811

CWE-94
 

 
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24.

 

 >>> Vendor: Amazon 26 Products
Kindle touch
Kindle for pc
Merchant sdk
Elastic load balancing api tools
Flexible payments service
Ec2 api tools java library
Kindle
Fire os
Workspaces
Amazon key firmware
Amazon music
Payfort
Payfort-php-sdk
Amazon web services freertos
Freertos
Amazon web services software development kit
Freertos\+fat
Audible
Firecracker
Aws-lambda
Aws javascript s3 explorer
Tough
Aws s3 crypto sdk
Sockeye
Aws opensearch
Aws client vpn


Copyright 2024, cxsecurity.com

 

Back to Top