Versions of the onnx package up to and including 1.15.0 are vulnerable to directory traversal because the external_data field of the tensor proto can contain a path to a file outside the model's current directory or the user-provided directory. The vulnerability is a bypass of the patch added for CVE-2022-25882.
History
No history.
MITRE
Status: PUBLISHED
Assigner: HiddenLayer
Published: 2024-02-23T17:37:36.715Z
Updated: 2024-08-14T15:46:57.827Z
Reserved: 2024-02-23T16:59:23.009Z
Link: CVE-2024-27318
Vulnrichment
Updated: 2024-08-02T00:34:51.388Z
NVD
Status: Awaiting Analysis
Published: 2024-02-23T18:15:50.767
Modified: 2024-03-30T02:15:08.007
Link: CVE-2024-27318
Redhat
No data.