CVE-2022-25882
Summary
| Field | Value |
|---|---|
| CVE | CVE-2022-25882 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-26 21:15:00 UTC |
| Updated | 2023-11-07 03:44:00 UTC |
| Description | Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd" |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Do not allow to read tensor's external_data outside the model directo… · onnx/onnx@f369b0e · GitHub | MISC | github.com | |
| Directory Traversal in onnx \| CVE-2022-25882 \| Snyk | MISC | security.snyk.io | |
| The onnx runtime allow to load the external_data from the file outside the folder · Issue #3991 · onnx/onnx · GitHub | MISC | github.com | |
| Do not allow to read tensor's external_data outside the model directory by jnovikov · Pull Request #4400 · onnx/onnx · GitHub | MISC | github.com | |
| Onnx runtime poc · GitHub | MISC | gist.github.com | |
| github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/... | MISC | github.com | |
| onnx/checker.cc at 96516aecd4c110b0ac57eba08ac236ebf7205728 · onnx/onnx · GitHub | MITRE | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 906748 Common Base Linux Mariner (CBL-Mariner) Security Update for pytorch (25854-1)