CVE-2024-0817
Published: 07 March 2024
Summary
CVE-2024-0817 is a high-severity Command Injection (CWE-77) vulnerability in the PaddlePaddle deep learning framework (paddlepaddle/paddle). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability is ranked at the 48.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised under Deep Learning Frameworks, in the Other ATLAS/OWASP Terms risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0919
Vulnerability details
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
- CWE(s): CWE-77 (Command Injection)
AI Security Analysis
- AI Category: Deep Learning Frameworks
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: PaddlePaddle is a deep learning framework similar to TensorFlow/PyTorch, and the vulnerability is a command injection in its IrGraph.draw function, confirming that it affects a core DL framework.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection vulnerability (CVE-2024-0817) in IrGraph.draw enables exploitation of the PaddlePaddle library for arbitrary code execution (T1203), facilitating the execution of operating system commands via command and scripting interpreters (T1059).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.