CVE-2024-5187
- EPSS 1.94%
- Published 06.06.2024 19:16:06
- Last modified 21.11.2024 09:47:09
A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables ...
CVE-2024-27318
- EPSS 0.16%
- Published 23.02.2024 18:15:50
- Last modified 13.02.2025 18:17:29
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vul...
CVE-2024-27319
- EPSS 0.06%
- Published 23.02.2024 18:15:50
- Last modified 13.02.2025 18:17:29
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
CVE-2022-25882
- EPSS 5.24%
- Published 26.01.2023 21:15:31
- Last modified 01.04.2025 15:15:52
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../.....