CVE-2024-27763 Information

Description

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where \scontrol show hostname\ is executed in the presence of a crafted SLURM_NODELIST environment variable.

Reference

https://gist.github.com/aydinnyunus/40e1d8a3b529261ae654ff4891f1e192 https://github.com/XPixelGroup/BasicSR/blob/master/basicsr/utils/dist_util.py#L44