CVE-2024-27318

CVSS V2: None
CVSS V3: None
Description
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal, as the external_data field of the tensor proto can contain a path to a file outside the model's current directory or the user-provided directory. The vulnerability is a bypass of the patch added for CVE-2022-25882.
Overview
  • CVE ID: CVE-2024-27318
  • Assigner: HiddenLayer
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-02-23T17:37:36.715Z
  • Last Modified Date: 2024-02-23T17:37:36.715Z
History
Created Old Value New Value Data Type Notes
2024-06-26 02:13:11 Added to TrackCVE