CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5187 – Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx
https://notcve.org/view.php?id=CVE-2024-5187
06 Jun 2024 — A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system, potentially leading to remote code execution, deletion of system, personal, or application files, thus impacting the integrity and availability of the system. The issue arises from the function's handling of tar fil... • https://huntr.com/bounties/50235ebd-3410-4ada-b064-1a648e11237e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 3CVE-2022-25882
https://notcve.org/view.php?id=CVE-2022-25882
25 Jan 2023 — Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd" Las versiones del paquete onnx anteriores a la 1.13.0 son vulnerables a Directory Traversal ya que el campo external_data del tensor proto puede tener una ruta al archivo que está fuera del directorio actual del modelo o del directorio proporcionado... • https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •