AikidoSec · sampion88 · Jan 30, 2025 · Jan 29, 2025 · Jan 29, 2025 · Jan 29, 2025
diff --git a/input/new.json b/input/new.json
@@ -1,15 +1,17 @@
 {
-  "package_name": "",
-  "patch_versions": [],
-  "vulnerable_ranges": [],
-  "cwe": [],
-  "tldr": "",
-  "doest_this_affect_me": "",
-  "how_to_fix": "",
-  "vulnerable_to": "",
+  "package_name": "torch",
+  "patch_versions": ["2.6.0"],
+  "vulnerable_ranges": [
+    ["1.0.0", "2.5.1"]
+  ],
+  "cwe": ["CWE-94"],
+  "tldr": "By default, affected versions of this package handle unpickling with `weights_only=False`, which relies on Python's insecure pickle module, allowing the execution of arbitrary code embedded in malicious pickle files. Attackers can exploit this flaw for remote code execution (RCE). The current patched version fixes it by setting `weights_only=True` by default, which mitigates the risk by restricting unpickling to safe tensor classes.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `torch` library to the patch version.",
+  "vulnerable_to": "Remote Code Execution (RCE)",
   "related_cve_id": "",
-  "language": "",
-  "severity_class": "",
-  "aikido_score": 0,
-  "changelog": ""
+  "language": "Python",
+  "severity_class": "HIGH",
+  "aikido_score": 85,
+  "changelog": "https://github.com/pytorch/pytorch/releases/tag/v2.6.0"
 }