CVE-2022-25882

Name of the Vulnerable Software and Affected Versions onnx versions prior to 1.13.0

Description The issue allows Directory Traversal, where the external data field of the tensor proto can contain a path to a file outside the model's current directory or user-provided directory. For example, an attacker could use a path like "../../../etc/passwd".

Recommendations For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.