HIGH🇬🇧 English

CVE-2025-51480

CVSS 8.8v3.1pub. 2025-07-22upd. 2025-10-08

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Linuxfoundation Onnx

    APP
    Linuxfoundation
    1.17.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2026-34445HIGH8.6ten sam produkt

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to versio...

CVE-2026-27489HIGH8.7ten sam produkt

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to versio...

CVE-2026-28500HIGH8.6ten sam produkt

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up ...

CVE-2024-5187HIGH8.8ten sam produkt

A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, al...

CVE-2024-27318HIGH7.5ten sam produkt

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external...