Fix CWE 502

[omri-alon24]

PR types

Others

PR changes

Others

Description

Fix CWE 502 : https://cwe.mitre.org/data/definitions/502.html

The paddlepaddle package is vulnerable to Deserialization of Untrusted Data. The load() and the load_program_state() functions in the io.py file uses the unsafe pickle.load() function to deserialize user-supplied file. A remote attacker can exploit this behavior by supplying specially-crafted input which, when deserialized, will result in arbitrary code execution on the affected machine.

[paddle-bot]

你的PR提交成功，感谢你对开源项目的贡献!
请关注后续CI自动化测试结果，详情请参考Paddle-CI手册。
Your PR has been submitted. Thanks for your contribution!
Please wait for the result of CI firstly. See Paddle CI Manual for details.

[CLAassistant]

All committers have signed the CLA.

[paddle-bot]

❌ The PR is not created using PR's template. You can refer to this Demo.
Please use PR's template, it helps save our maintainers' time so that more developers get helped.

[wanghuancoder]

LGTM

[luotao1]

@omri-alon24 Please sign the CLA

[omri-alon24]

I signed multiple times, but it keep saying 'not signed yet' בתאריך יום ג׳, 5 במרץ 2024, 04:37, מאת Tao Luo ***@***.***>:

…

image.png (view on web) <https://github.com/PaddlePaddle/Paddle/assets/6836917/4bcaa1dd-9bad-4f22-8c9c-bcdefa2130d3> @omri-alon24 <https://github.com/omri-alon24> Please sign the CLA — Reply to this email directly, view it on GitHub <#62345 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIIGAHU6X7TT6DAQMVPTKU3YWUVWJAVCNFSM6AAAAABEEDX2X2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZXHA2DCNJZGY> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[luotao1]

There are two IDs in this PR, both two ID should sign CLA:

• omri-alon

• omri-alon24

[wanghuancoder]

LGTM