CVE-2024-7776

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 8.1

CVSS3: 9.1

EPSS Низкий

Описание

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

Ссылки

https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63
Exploit
Third Party Advisory
https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:onnx:onnx:*:*:*:*:*:*:*:*

Версия до 1.16.1 (включая)

EPSS

Процентиль: 80%

0.01605

Низкий

8.1 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2024-7776

CVSS3: 9.1

ubuntu

8 месяцев назад

A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

CVE-2024-7776

CVSS3: 9.1

msrc

8 месяцев назад

Описание отсутствует

CVE-2024-7776

CVSS3: 9.1

debian

8 месяцев назад

A vulnerability in the `download_model` function of the onnx/onnx fram ...

GHSA-h36j-8vv3-cj52

CVSS3: 8.1

github

8 месяцев назад

Open Neural Network Exchange (ONNX) Path Traversal Vulnerability

EPSS

Процентиль: 80%

0.01605

Низкий

8.1 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-22