Lucene search

GoogleOSV:PYSEC-2023-38

HistoryJan 26, 2023 - 9:15 p.m.

PYSEC-2023-38

2023-01-2621:15:00

Google

osv.dev

onnx

directory traversal

tensor.proto

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.2%

JSON

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example “…/…/…/etc/passwd”

CPENameOperatorVersion
onnxeq1.1.0
onnxeq1.4.1
onnxeq1.8.0
onnxeq1.2.1
onnxeq1.1.2
onnxeq1.8.1
onnxeq1.0.1
onnxeq1.5.0
onnxeq1.4.0
onnxeq1.6.0

Name	Operator	Version
onnx	eq	1.1.0
onnx	eq	1.4.1
onnx	eq	1.8.0
onnx	eq	1.2.1
onnx	eq	1.1.2
onnx	eq	1.8.1
onnx	eq	1.0.1
onnx	eq	1.5.0
onnx	eq	1.4.0
onnx	eq	1.6.0

Rows per page:

1-10 of 251

References

gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856

github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129

github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d

github.com/onnx/onnx/issues/3991

github.com/onnx/onnx/pull/4400

security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.2%

JSON

Related for OSV:PYSEC-2023-38