Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XLinuxfoundation Onnx
APPLinuxfoundation< 1.21.0
Powiązane podatności
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to versio...
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up ...
Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers t...
A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, al...
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external...