{"id":"PYSEC-2024-222","details":"Versions of the package onnx up to and including 1.15.0 are vulnerable to Directory Traversal: the external_data field of the tensor proto can contain a path to a file outside the model's current directory or the user-provided directory. The vulnerability is a bypass of the patch added for CVE-2022-25882.\n","aliases":["CVE-2024-27318","GHSA-whh8-fjgc-qp73"],"modified":"2025-01-22T16:56:46.917347Z","published":"2024-02-23T18:15:50Z","references":[{"type":"FIX","url":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479"}],"affected":[{"package":{"name":"onnx","ecosystem":"PyPI","purl":"pkg:pypi/onnx"},"ranges":[{"type":"GIT","repo":"https://github.com/onnx/onnx","events":[{"introduced":"0"},{"fixed":"66b7fb630903fdcf3e83b6b6d56d82e904264a20"},{"fixed":"66b7fb630903fdcf3e83b6b6d56d82e904264a20"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.0"}]}],"versions":["0.1","0.2","0.2.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.10.0","1.10.1","1.10.2","1.11.0","1.12.0","1.13.0","1.13.1","1.14.0","1.14.1","1.15.0","1.2.1","1.2.2","1.2.3","1.3.0","1.4.0","1.4.1","1.5.0","1.6.0","1.7.0","1.8.0","1.8.1","1.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/onnx/PYSEC-2024-222.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}