Onnx · Onnx · CVE-2026-34447
**Name of the Vulnerable Software and Affected Versions**
ONNX versions prior to 1.21.0
**Description**
ONNX versions prior to 1.21.0 contain a symlink traversal vulnerability in the external data loading process that allows reading files outside the intended model directory. The flaw resides in the `resolve_external_data_location` function, reached through the Python helper `onnx.external_data_helper.load_external_data_for_model`. The function fails to adequately reject symlinks, so a symlink placed inside the model directory can point to a file outside of it. This can lead to arbitrary file read and a resulting confidentiality breach. A proof of concept (PoC) demonstrates creating a symlink within the model directory that points to a system file and then reading the contents of that file through the external data loading mechanism.
**Recommendations**
Update to ONNX version 1.21.0 or later.
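To make the missing check concrete, here is an added example of how a hardened external-data location resolver can refuse symlinks and directory escapes; this is illustrative code written for this page, not ONNX's own implementation, and the function name `safe_resolve_external_data_location`, the `ExternalDataError` class and the `demo()` scenario are assumptions.

```python
import os
import tempfile


class ExternalDataError(ValueError):
    """Raised when a location is not a regular, non-symlinked file inside base_dir."""


def safe_resolve_external_data_location(base_dir: str, location: str) -> str:
    """Hypothetical hardened resolver: rejects absolute paths, '..' escapes,
    any symlink component below base_dir, and real paths outside base_dir."""
    base_real = os.path.realpath(base_dir)
    if os.path.isabs(location):
        raise ExternalDataError(f"absolute location not allowed: {location}")
    candidate = os.path.normpath(os.path.join(base_real, location))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ExternalDataError(f"location escapes model directory: {location}")
    # Walk every component below base_dir; a symlink anywhere is refused,
    # which is the rejection the vulnerable versions lacked.
    current = base_real
    for part in os.path.relpath(candidate, base_real).split(os.sep):
        current = os.path.join(current, part)
        if os.path.islink(current):
            raise ExternalDataError(f"symlink inside model directory: {current}")
    # Defence in depth: the fully resolved path must still be under base_dir.
    if os.path.commonpath([base_real, os.path.realpath(candidate)]) != base_real:
        raise ExternalDataError(f"resolved path escapes model directory: {location}")
    if not os.path.isfile(candidate):
        raise ExternalDataError(f"external data file not found: {location}")
    return candidate


def demo() -> dict:
    """Constructed scenario: a real tensor file plus a symlink that points
    outside the model directory. Returns the verdict for each location."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as model_dir:
        target = os.path.join(outside, "outside.txt")
        with open(target, "w") as fh:
            fh.write("constructed file outside the model directory\n")
        with open(os.path.join(model_dir, "weights.bin"), "wb") as fh:
            fh.write(b"\x00" * 16)
        os.symlink(target, os.path.join(model_dir, "escape.bin"))
        for loc in ("weights.bin", "escape.bin", "../outside.txt"):
            try:
                safe_resolve_external_data_location(model_dir, loc)
                verdicts[loc] = "accepted"
            except ExternalDataError:
                verdicts[loc] = "rejected"
    return verdicts
```

Running `demo()` accepts only `weights.bin`; the symlink and the `..` escape are both rejected before any file is opened.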