CVE-2022-25882 - OpenCVE

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Onnx

Configuration 1 [-]

cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856
https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129
https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d
https://github.com/onnx/onnx/issues/3991
https://github.com/onnx/onnx/pull/4400
https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2023-01-25T05:00:02.847Z

Updated: 2024-08-03T04:49:44.161Z

Reserved: 2022-02-24T11:58:16.846Z

Link: CVE-2022-25882

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-26T21:15:31.333

Modified: 2023-11-07T03:44:51.890

Link: CVE-2022-25882

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-25882", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2022-02-24T11:58:16.846Z", "datePublished": "2023-01-25T05:00:02.847Z", "dateUpdated": "2024-08-03T04:49:44.161Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"}}], "credits": [{"value": "jnovikov", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Directory Traversal", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2023-01-25T05:00:02.847Z"}, "descriptions": [{"value": "Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example \"../../../etc/passwd\"", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479"}, {"url": "https://github.com/onnx/onnx/issues/3991"}, {"url": "https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129"}, {"url": "https://github.com/onnx/onnx/pull/4400"}, {"url": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d"}, {"url": "https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856"}], "affected": [{"product": "onnx", "versions": [{"version": "0", "lessThan": "1.13.0", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:44.161Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479", "tags": ["x_transferred"]}, {"url": "https://github.com/onnx/onnx/issues/3991", "tags": ["x_transferred"]}, {"url": "https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129", "tags": ["x_transferred"]}, {"url": "https://github.com/onnx/onnx/pull/4400", "tags": ["x_transferred"]}, {"url": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*:*", "matchCriteriaId": "19431039-E312-4320-AA6C-D88EE31CE1B5", "versionEndExcluding": "1.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example \"../../../etc/passwd\""}, {"lang": "es", "value": "Las versiones del paquete onnx anteriores a la 1.13.0 son vulnerables a Directory Traversal ya que el campo external_data del tensor proto puede tener una ruta al archivo que est\u00e1 fuera del directorio actual del modelo o del directorio proporcionado por el usuario, por ejemplo \"../.. /../etc/contrase\u00f1a\""}], "id": "CVE-2022-25882", "lastModified": "2023-11-07T03:44:51.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2023-01-26T21:15:31.333", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856"}, {"source": "report@snyk.io", "tags": ["Broken Link"], "url": "https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/onnx/onnx/issues/3991"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/onnx/onnx/pull/4400"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "report@snyk.io", "type": "Secondary"}]}