-
Just like what I described in https://github.com/jthack/ffufai/issues/3
we can see both the URL and headers parameters are susceptible to RCE. For instance, a custom header could include any system c…
-
### 🐛 Describe the bug
We encountered an illegal memory access issue with `torch.compile` and customized torch library operator.
Here's one minimal example to reproduce:
```python
import torch…
-
Hi,
We are using this in our CI workflow for looking at vulnerable packages. We have remediated all the packages and currently there is no vulnerability but it is still throwing an error "_Vulnerabi…
-
### 🐛 Describe the bug
I have a small script to reproduce how a toy model and the following three features lead to an error when combined:
1. torch.compile
2. FSDP1 with cpu offloading
3. PyTorch …
-
`cypress-vite` depends on a vulnerable version of `vite` (5.0.2) as seen in the [package.json](https://github.com/mammadataei/cypress-vite/blob/main/package.json#L64) which is amongst the affected ver…
-
If a rebalance happens, we may read old values from the new instance as it is processing messages that were _processed but not committed_ on the old instance.
While this is actually a distributed sy…
-
There are lots of high and critical vulnerabilities that were scanned by [trivy](https://github.com/aquasecurity/trivy).
The scanning result of cluster-autoscaler:v1.23.0 is as follows, v1.22.0 and v…
-
### 🐛 Describe the bug
This simple code:
```python
import torch
def fn(x):
    a = torch.cos(x)
    b = torch.sin(a)
    return b
new_fn = torch.compile(fn, backend="inductor")
input_tensor …
-
### What happened?
Last release still has the CVE-2024-24790 with critical vulnerability.
CVE-2024-24790 - Base Score: [9.8 CRITICAL]
### What did you expect to happen?
No critical or high vul…
-
It should be possible to add MITRE's Common Attack Pattern Enumerations and Classifications (CAPEC) to a vulnerability in CSAF. This field should be optional like it is in CVE entries and may be an arr…