CVE-2024-36736

CRITICAL

OneFlow-Inc. Oneflow <0.9.1 - Info Disclosure

Title source: llm

Description

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.

References (1)

[Third Party Advisory] https://gist.github.com/Redmept1on/6de04fb6c7af6956973fe2765c4d4576

Scores

CVSS v3 9.8

EPSS 0.0010

EPSS Percentile 27.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-682

Status published

Products (1)

oneflow/oneflow 0.9.1

Published Jun 06, 2024

Tracked Since Feb 18, 2026