{"id":"PYSEC-2022-43015","details":"In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.","aliases":["BIT-pytorch-2022-45907","CVE-2022-45907","GHSA-47fc-vmwq-366v"],"modified":"2023-12-06T01:02:42.829739Z","published":"2022-11-26T02:15:00Z","references":[{"type":"FIX","url":"https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3"},{"type":"FIX","url":"https://github.com/pytorch/pytorch/issues/88868"}],"affected":[{"package":{"name":"torch","ecosystem":"PyPI","purl":"pkg:pypi/torch"},"ranges":[{"type":"GIT","repo":"https://github.com/pytorch/pytorch","events":[{"introduced":"0"},{"fixed":"767f6aa49fe20a2766b9843d01e3b7f7793df6a3"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.1"}]}],"versions":["1.0.0","1.0.1","1.0.1.post2","1.1.0","1.1.0.post2","1.10.0","1.10.1","1.10.2","1.11.0","1.12.0","1.12.1","1.13.0","1.2.0","1.3.0","1.3.0.post2","1.3.1","1.4.0","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.8.1","1.9.0","1.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2022-43015.yaml"}}],"schema_version":"1.7.3"}