{"id":"PYSEC-2023-38","details":"Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example \"../../../etc/passwd\"","aliases":["CVE-2022-25882","GHSA-ffxj-547x-5j7c"],"modified":"2023-11-08T04:08:50.586068Z","published":"2023-01-26T21:15:00Z","references":[{"type":"WEB","url":"https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856"},{"type":"REPORT","url":"https://github.com/onnx/onnx/issues/3991"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479"},{"type":"WEB","url":"https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129"},{"type":"FIX","url":"https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d"},{"type":"WEB","url":"https://github.com/onnx/onnx/pull/4400"}],"affected":[{"package":{"name":"onnx","ecosystem":"PyPI","purl":"pkg:pypi/onnx"},"ranges":[{"type":"GIT","repo":"https://github.com/onnx/onnx","events":[{"introduced":"0"},{"fixed":"f369b0e859024095d721f1d1612da5a8fa38988d"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.0"}]}],"versions":["0.1","0.2","0.2.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.10.0","1.10.1","1.10.2","1.11.0","1.12.0","1.2.1","1.2.2","1.2.3","1.3.0","1.4.0","1.4.1","1.5.0","1.6.0","1.7.0","1.8.0","1.8.1","1.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/onnx/PYSEC-2023-38.yaml"}}],"schema_version":"1.7.3"}