PT-2024-21817 · Onnx · Onnx

Published: 2024-02-23 · Updated: 2025-01-22 · CVE-2024-27318

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

onnx versions prior to 1.15.0

Description

The issue allows Directory Traversal as the external data field of the tensor proto can have a path to a file outside the model's current directory or user-provided directory. This vulnerability occurs as a bypass for a previously added patch.

Recommendations

For versions prior to 1.15.0, update to a version later than 1.15.0 to resolve the issue. As a temporary workaround, consider restricting access to the external data field of the tensor proto to minimize the risk of exploitation.
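
One way to apply the workaround before a model from an untrusted source is loaded, as an added example (not the onnx project's patch and not code from this advisory): resolve each external data location against the model directory and reject anything that ends up outside it. The function names `resolve_external_location`, `audit_model` and `demo` and the sample locations are assumptions made for this illustration.

```python
import os
import tempfile


def resolve_external_location(base_dir, location):
    """Return the resolved path if `location` stays inside base_dir, else None."""
    if not location or "\x00" in location or os.path.isabs(location):
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison
    target = os.path.realpath(os.path.join(base, location))
    try:
        # commonpath compares whole components: /m/model-other is not inside /m/model
        inside = target != base and os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return target if inside else None


def audit_model(model_path):
    """Return (tensor name, location) pairs that escape the model's directory.

    Walks graph initializers only; tensors in node attributes are not covered.
    """
    import onnx  # lazy import: only this function needs the onnx package

    model = onnx.load(model_path, load_external_data=False)
    base_dir = os.path.dirname(os.path.abspath(model_path))
    escaping = []
    for tensor in model.graph.initializer:
        if tensor.data_location != onnx.TensorProto.EXTERNAL:
            continue
        for entry in tensor.external_data:
            if entry.key == "location" and resolve_external_location(base_dir, entry.value) is None:
                escaping.append((tensor.name, entry.value))
    return escaping


def demo():
    """Run the check over constructed sample locations in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        model_dir = os.path.join(root, "model")
        os.mkdir(model_dir)
        open(os.path.join(root, "outside.bin"), "wb").close()
        # constructed case: a link inside the model directory pointing outside it
        os.symlink(os.path.join(root, "outside.bin"), os.path.join(model_dir, "link.bin"))
        samples = ["weights.bin", "sub/weights.bin", "../outside.bin",
                   "../model-other/w.bin", "/etc/hostname", "link.bin"]
        return {s: resolve_external_location(model_dir, s) is not None for s in samples}
```

The check is a pre-load audit, so the model directory must not be writable by an untrusted party between the audit and the load.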

Fix

Path traversal

Weakness Enumeration

Related Identifiers

AZL-34464
AZL-35146
CVE-2024-27318
GHSA-WHH8-FJGC-QP73
OPENSUSE-SU-2024:13803-1
PYSEC-2024-222

Affected Products

Onnx