CVE-2022-25882
Description
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal: the external_data field of the tensor proto can contain a path to a file outside the model's current directory or the user-provided directory, for example "../../../etc/passwd".
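A containment check of the kind a model loader can apply before opening an external_data path, as an added example that is not onnx's own code or its 1.13.0 fix. The names `resolve_external_data`, `check_locations` and `ExternalDataPathError` are hypothetical, and the sample directory is constructed.

```python
import os
import tempfile


class ExternalDataPathError(ValueError):
    """Raised when an external_data location would leave the base directory."""


def resolve_external_data(base_dir: str, location: str) -> str:
    """Resolve an external_data `location` under `base_dir`, or raise."""
    if not location or "\x00" in location:
        raise ExternalDataPathError("empty or malformed location")
    # Reject absolute paths up front: os.path.join would silently discard base_dir.
    if os.path.isabs(location) or location.startswith(("/", "\\")):
        raise ExternalDataPathError(f"absolute path not allowed: {location!r}")
    base_real = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks, so a link inside
    # base_dir that points elsewhere is caught as well.
    target = os.path.realpath(os.path.join(base_real, location))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ExternalDataPathError(f"location escapes base directory: {location!r}")
    return target


def check_locations(base_dir, locations):
    """Map each location to True (stays inside base_dir) or False (rejected)."""
    results = {}
    for loc in locations:
        try:
            resolve_external_data(base_dir, loc)
            results[loc] = True
        except ExternalDataPathError:
            results[loc] = False
    return results


def demo():
    # Constructed sample: a temporary "model directory" with one weights file.
    with tempfile.TemporaryDirectory() as model_dir:
        os.makedirs(os.path.join(model_dir, "weights"))
        open(os.path.join(model_dir, "weights", "t0.bin"), "wb").close()
        return check_locations(model_dir, [
            "weights/t0.bin", "../../../etc/passwd", "/etc/passwd",
            "weights/../../outside.bin",
        ])


if __name__ == "__main__":
    print(demo())
```

The check compares resolved real paths, not the raw string, so traversal hidden behind a legitimate-looking prefix or a symlink is rejected along with the plain "../" form.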
References
Exploit, Third Party Advisory
Exploit, Third Party Advisory
Exploit, Third Party Advisory
Broken Link
Patch, Third Party Advisory
Patch, Third Party Advisory