PT-2025-12192 · Onnx+1

Published 2025-03-20 · Updated 2025-03-26 · CVE-2024-7776

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: onnx/onnx framework version 1.16.1 and earlier

Description: A vulnerability in the download model function of the onnx/onnx framework allows arbitrary file overwrite because path traversal in malicious tar files is not adequately prevented. An attacker can exploit this issue to overwrite files in the user's directory, potentially leading to remote command execution.

Recommendations: For onnx/onnx framework version 1.16.1 and earlier, update to a version later than 1.16.1 to resolve the issue. As a temporary workaround, consider disabling the download model function until a patch is available. Only process tar files from trusted sources to minimize the risk of exploitation. Avoid using the download model function with untrusted input until the issue is resolved.
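The weakness described above is the classic tar path traversal: an archive member named with `..` components or an absolute path is written wherever the name points rather than under the intended extraction directory. The following is an added example of the defensive check a downloader should apply before extracting each member; it is not the onnx project's code and makes no claim about how its download model function is implemented. It assumes a model archive should only ever contain regular files, directories and links that resolve inside the destination, and it builds a constructed sample archive in memory (one legitimate file, two traversal attempts, one escaping symlink) to show which members are refused.

```python
import io
import os
import tarfile
import tempfile


def is_safe_member(member: tarfile.TarInfo, dest: str) -> bool:
    """True only if extracting `member` cannot touch anything outside `dest`.

    The check uses the real on-disk state of `dest`, so a symlink created by an
    earlier member is followed when a later member's name passes through it.
    """
    dest_real = os.path.realpath(dest)

    def inside(path: str) -> bool:
        resolved = os.path.realpath(path)
        return os.path.commonpath([dest_real, resolved]) == dest_real

    # Absolute names and names whose ".." components escape dest are rejected.
    if os.path.isabs(member.name) or not inside(os.path.join(dest_real, member.name)):
        return False
    if member.issym():
        # A symlink target is relative to the link's own directory.
        link_dir = os.path.dirname(os.path.join(dest_real, member.name))
        if os.path.isabs(member.linkname) or not inside(os.path.join(link_dir, member.linkname)):
            return False
    elif member.islnk():
        # A hard link target is an archive path relative to dest.
        if os.path.isabs(member.linkname) or not inside(os.path.join(dest_real, member.linkname)):
            return False
    elif not (member.isfile() or member.isdir()):
        # Device nodes, FIFOs and other special entries have no place in a model archive.
        return False
    return True


def safe_extract(archive: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract members one at a time, skipping any that fail is_safe_member.

    Returns (names extracted, names rejected) so the caller can log refusals.
    """
    extracted: list[str] = []
    rejected: list[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar:
            if is_safe_member(member, dest):
                tar.extract(member, path=dest)
                extracted.append(member.name)
            else:
                rejected.append(member.name)
    return extracted, rejected


def build_archive(files: dict[str, bytes], symlinks: dict[str, str]) -> bytes:
    """Constructed sample: build an uncompressed tar in memory.

    `files` maps member name -> content; `symlinks` maps member name -> link target.
    Names are stored exactly as given, so traversal names survive into the archive.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
        for name, target in symlinks.items():
            info = tarfile.TarInfo(name=name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Run safe_extract on a constructed archive with one good and three hostile members."""
    archive = build_archive(
        files={
            "model/weights.bin": b"\x00" * 16,                 # legitimate payload
            "../../outside.txt": b"overwrite attempt via '..'",
            "/etc/outside.txt": b"overwrite attempt via absolute path",
        },
        symlinks={"model/escape_link": "../../../etc"},         # link pointing out of dest
    )
    with tempfile.TemporaryDirectory() as dest:
        extracted, rejected = safe_extract(archive, dest)
        # Only the in-tree file reached the disk.
        assert os.path.isfile(os.path.join(dest, "model", "weights.bin"))
        return extracted, rejected


if __name__ == "__main__":
    print(demo())
```

On Python 3.12 and later (and the maintenance releases that backported PEP 706), `tarfile.extractall(filter="data")` performs an equivalent rejection of absolute names, `..` escapes and out-of-tree links in the standard library; the explicit per-member check above is what to reach for when older interpreters must be supported or when refusals should be reported rather than raised.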

Exploit

Fix

Path traversal



Related Identifiers

AZL-59201
CVE-2024-7776
GHSA-H36J-8VV3-CJ52
PYSEC-2025-10

Affected Products

Debian
Onnx