Количество 2
Количество 2
CVE-2024-12216
A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can exploit this by crafting malicious tar files that, when extracted, can overwrite files on the victim's system via path traversal or faked symlinks.
GHSA-m724-hqmc-ggpx
GluonCV Arbitrary File Write via TarSlip
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-12216 A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can exploit this by crafting malicious tar files that, when extracted, can overwrite files on the victim's system via path traversal or faked symlinks. | CVSS3: 7.1 | 0% Низкий | 11 месяцев назад |
| GHSA-m724-hqmc-ggpx GluonCV Arbitrary File Write via TarSlip | CVSS3: 7.1 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу