Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without validation, allowing arbitrary code execution. An attacker can craft a malicious pickle file that executes arbitrary Python code when loaded, enabling remote code execution with the privileges of the victim process.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
torch_musa 安全漏洞
Vulnerability Description
torch_musa是Moore Threads Corporation开源的一个开源存储库。 torch_musa存在安全漏洞,该漏洞源于torch_musa.utils.compare_tool中存在不安全的反序列化,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A