{"id":"CVE-2022-45907","details":"In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.","aliases":["BIT-pytorch-2022-45907","GHSA-47fc-vmwq-366v","PYSEC-2022-43015"],"modified":"2026-03-15T14:49:56.321099Z","published":"2022-11-26T02:15:10.253Z","references":[{"type":"FIX","url":"https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3"},{"type":"FIX","url":"https://github.com/pytorch/pytorch/issues/88868"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pytorch/pytorch","events":[{"introduced":"0"},{"fixed":"49444c3e546bf240bed24a101e747422d1f8a0ee"},{"fixed":"767f6aa49fe20a2766b9843d01e3b7f7793df6a3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.13.1"}]}}],"versions":["ciflow/periodic/054a2fd","ciflow/periodic/2a6d37d","ciflow/periodic/317eeb8","ciflow/periodic/3c32","ciflow/periodic/csl/test87519","ciflow/periodic/csltest88275","ciflow/periodic/csltest88761","ciflow/periodic/sha-ec5b83","malfet/tag-2ef5611","malfet/tag-317b1a0","malfet/tag-ec6f767","nightly-binary","v0.1.1","v0.1.10","v0.1.11","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v1.0.0a0","v1.0rc0","v1.0rc1","v1.1.0a0","v1.2.0a0","v1.3.0a0","v1.4.0a0","v1.8.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45907.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}