Arbitrary Code Execution via PyTorch Library Loading
Description
Loading custom operator libraries in PyTorch can result in arbitrary code execution. `torch.classes.load_library` loads a shared library into the running process, so the risk arises when the library path passed to it comes from untrusted input.
Examples
Insecure Code
```python
import torch
torch.classes.load_library('untrusted_library')
```
Secure Code
```python
import torch
torch.classes.load_library('trusted_library')
```
Remediation
Validate and sanitize any input passed to `torch.classes.load_library` to prevent loading malicious libraries.
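
One way to apply this remediation, shown as an added example that is not part of the rule's own documentation: the requested name is resolved inside a trusted directory and checked against a pinned SHA-256 digest before it reaches `torch.classes.load_library`. The names `validate_library`, `load_trusted_library` and `UntrustedLibraryError`, the trusted directory and the digest map are assumptions made for illustration, and the sample file is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


class UntrustedLibraryError(Exception):
    """Raised when a requested operator library fails validation."""


def validate_library(requested, trusted_dir, pinned_sha256):
    """Return the resolved path only if allowlisted by name and SHA-256."""
    root = Path(trusted_dir).resolve()
    # resolve() collapses ".." and follows symlinks before the containment check
    path = (root / requested).resolve()
    if root not in path.parents:
        raise UntrustedLibraryError(f"{requested!r} resolves outside {root}")
    expected = pinned_sha256.get(path.name)
    if expected is None:
        raise UntrustedLibraryError(f"{path.name!r} is not allowlisted")
    if not path.is_file():
        raise UntrustedLibraryError(f"{path} is not a regular file")
    if hashlib.sha256(path.read_bytes()).hexdigest() != expected:
        raise UntrustedLibraryError(f"digest mismatch for {path.name}")
    return path


def load_trusted_library(requested, trusted_dir, pinned_sha256):
    """Validate first, then pass the resolved absolute path to PyTorch."""
    path = validate_library(requested, trusted_dir, pinned_sha256)
    import torch  # lazy import: validation stays testable without torch
    torch.classes.load_library(str(path))
    return path


def demo():
    """Run the validator over constructed requests; returns name -> outcome."""
    with tempfile.TemporaryDirectory() as d:
        lib = Path(d) / "libcustom_ops.so"  # constructed stand-in file
        lib.write_bytes(b"constructed sample bytes, not a real library")
        pins = {lib.name: hashlib.sha256(lib.read_bytes()).hexdigest()}
        outcomes = {}
        for req in ["libcustom_ops.so", "../libevil.so", "/tmp/libevil.so", "other.so"]:
            try:
                validate_library(req, d, pins)
                outcomes[req] = "ok"
            except UntrustedLibraryError:
                outcomes[req] = "rejected"
        return outcomes
```

The digest check only holds if the trusted directory is not writable by whatever supplies the library name, since the file could otherwise be replaced between hashing and loading.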
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0470 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-676 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | arbitrary code execution, library loading |
| OWASP | N/A |