Description
scio is vulnerable to Remote Command Execution through PyTorch
Impact
PyTorch reported a critical vulnerability when using torch.load, even with option weights_only=True, for torch <= 2.5.1.
In scio <= 1.0.0, the lower bound for torch is 2.3.
Patches
The lower bound was changed to torch >= 2.6, starting from scio >= 1.0.1 (currently in dev state).
Workarounds
You can manually check that you are using torch >= 2.6.
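One way to perform this check programmatically, as an added example (not part of the advisory or of scio's code). The function names are hypothetical, and pre-release builds of 2.6.0 are treated as older than 2.6, following PEP 440 ordering:

```python
import re
from importlib import metadata

MIN_TORCH = (2, 6)  # lower bound given in the advisory (torch >= 2.6)

# Subset of PEP 440: release digits, optional pre/dev marker, optional
# ".postN", optional "+local" tag such as "+cu121".
_VERSION_RE = re.compile(
    r"^v?(?P<release>\d+(?:\.\d+)*)"
    r"(?P<pre>[._-]?(?:alpha|beta|preview|pre|rc|dev|a|b|c)[._-]?\d*)?"
    r"(?:[._-]?post\d*)?(?:\+[a-z0-9._-]+)?$",
    re.IGNORECASE,
)


def is_patched(version: str) -> bool:
    """True if `version` satisfies torch >= 2.6; unparseable strings fail closed."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        return False
    release = tuple(int(p) for p in m.group("release").split("."))
    width = max(len(release), len(MIN_TORCH))
    release += (0,) * (width - len(release))
    floor = MIN_TORCH + (0,) * (width - len(MIN_TORCH))
    if release != floor:
        return release > floor  # numeric compare, so 2.10 > 2.6
    # 2.6.0rc1, 2.6.0a0+git..., 2.6.0.dev... sort before 2.6.0 under PEP 440
    return m.group("pre") is None


def installed_torch_version():
    """Version string of the installed torch distribution, or None if absent."""
    try:
        return metadata.version("torch")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    found = installed_torch_version()
    if found is None:
        print("torch is not installed in this environment")
    elif is_patched(found):
        print(f"torch {found}: satisfies >= 2.6")
    else:
        raise SystemExit(f"torch {found}: below 2.6, upgrade before calling torch.load")
```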
Packages
Name: scio-pypi (pip)
Affected versions: <= 1.0.0
Fixed version: None
9.3 Critical
CVSS4
Weaknesses
CWE-502