{"id":"CVE-2022-25882","details":"Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example \"../../../etc/passwd\"","aliases":["GHSA-ffxj-547x-5j7c","PYSEC-2023-38"],"modified":"2026-04-11T22:01:38.760948Z","published":"2023-01-26T21:15:31.333Z","references":[{"type":"WEB","url":"https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129"},{"type":"FIX","url":"https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d"},{"type":"FIX","url":"https://github.com/onnx/onnx/pull/4400"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479"},{"type":"EVIDENCE","url":"https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856"},{"type":"EVIDENCE","url":"https://github.com/onnx/onnx/issues/3991"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/onnx/onnx","events":[{"introduced":"0"},{"fixed":"1ba785612a79fe749aa1e478336e534743372639"},{"fixed":"f369b0e859024095d721f1d1612da5a8fa38988d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.13.0"}]}}],"versions":["v0.1","v0.2","v1.1.0","v1.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25882.json","vanir_signatures":[{"source":"https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d","target":{"file":"onnx/common/path.h"},"id":"CVE-2022-25882-0f884896","deprecated":false,"digest":{"line_hashes":["294267849857177954869038065398403025800","116866936142568544212450762786110382737"],"threshold":0.9},"signature_version":"v1","signature_type":"Line"},{"source":"https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d","target":{"file":"onnx/checker.cc"},"id":"CVE-2022-25882-a22b1eb9","deprecated":false,"digest":{"line_hashes":["140852066425541712802168204983283686848","159075992383580164584026964016564131465","300240074163715596157682743086266242467","172789922231202761091060370966157679821","112153765193335070721742738860480859742","193156842502559573432759836995091333593","189820502915280248919233585930976262099","10910522645806151768200731146679571042"],"threshold":0.9},"signature_version":"v1","signature_type":"Line"},{"source":"https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d","target":{"file":"onnx/common/path.cc"},"id":"CVE-2022-25882-b57b8290","deprecated":false,"digest":{"line_hashes":["230790867792095841097197400131578124462","211585359162340708665775267385157578671","167749466009662926405582170771257753781"],"threshold":0.9},"signature_version":"v1","signature_type":"Line"},{"source":"https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d","target":{"function":"check_tensor","file":"onnx/checker.cc"},"id":"CVE-2022-25882-e9290fe4","deprecated":false,"digest":{"length":3051,"function_hash":"236142197083740176217770268839943114454"},"signature_version":"v1","signature_type":"Function"}],"vanir_signatures_modified":"2026-04-11T22:01:38Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}