
[GHSA-c678-jfcj-6jmf] A vulnerability was found in PyTorch 2.6.0+cu124. It has... #5512


Open

cx-aditya-dixit

Updates

  • Affected products
  • CVSS v3
  • CVSS v4
  • Summary

Comments
The vulnerability was introduced in 1.6.0-rc1 and has not been fixed yet. Just need to handle the parameters and validate as this is a compile-time error.

github-actions bot changed the base branch from main to cx-aditya-dixit/advisory-improvement-5512 on May 8, 2025 12:33
Contributor

shelbyc commented May 8, 2025

Hi @cx-aditya-dixit, can you provide a pull request or a commit to demonstrate that CVE-2025-2148 was introduced in version 1.6.0-rc1?

Also, the PR currently sets the vulnerable version range to < 1.6.0. Did you mean to set it to >= 1.6.0-rc1 (or, for example, >= 1.6.0-rc1, <= 2.6.0) to indicate that the issue was introduced in 1.6.0-rc1?
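
The range question raised in the comment above, as an added example (not part of the thread and not the advisory database's own tooling): a minimal comparison that assumes PEP 440 ordering for the pip ecosystem, where a release candidate sorts before its final release and a local label such as `+cu124` is ignored. `parse`, `in_range` and `compare_ranges` are hypothetical helper names, and the versions 1.5.0 and 2.6.1 are constructed probes, not taken from the page.

```python
import operator
import re

# Minimal PEP 440-style ordering (assumption: pip rules apply to this advisory).
# Covers numeric releases and a/b/rc pre-releases; a local label such as
# "+cu124" is dropped before comparing. Not a full PEP 440 implementation.
_VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)(?:[-._]?(a|b|rc)[-._]?(\d+))?(?:\+.*)?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}
_FINAL = (3, 0)  # a final release sorts after all of its pre-releases
_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "=": operator.eq}


def parse(version):
    """Return a sortable key: (release tuple, pre-release rank)."""
    m = _VERSION.match(version.strip().lower())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    release = [int(part) for part in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()  # so that 1.6 and 1.6.0 compare equal
    pre = (_PRE_RANK[m.group(2)], int(m.group(3))) if m.group(2) else _FINAL
    return tuple(release), pre


def in_range(version, vulnerable_range):
    """True if version satisfies every comma-separated clause of the range."""
    key = parse(version)
    for clause in vulnerable_range.split(","):
        m = re.match(r"\s*(<=|>=|<|>|=)\s*(\S+)\s*$", clause)
        if not m:
            raise ValueError(f"unsupported range clause: {clause!r}")
        if not _OPS[m.group(1)](key, parse(m.group(2))):
            return False
    return True


def compare_ranges(ranges, versions):
    """Map each range to the versions it would flag as vulnerable."""
    return {r: [v for v in versions if in_range(v, r)] for r in ranges}


if __name__ == "__main__":
    # Versions named on the page, plus two constructed probes (1.5.0, 2.6.1).
    versions = ["1.5.0", "1.6.0-rc1", "1.6.0", "2.6.0+cu124", "2.6.1"]
    ranges = ["< 1.6.0", ">= 1.6.0-rc1", ">= 1.6.0-rc1, <= 2.6.0"]
    for rng, hits in compare_ranges(ranges, versions).items():
        print(f"{rng!r:28} flags {hits}")
```

Under these assumptions, `< 1.6.0` flags 1.6.0-rc1 but not the 2.6.0+cu124 build named in the advisory title, while both `>=` forms flag it.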
