CVE-2023-5245

2023-11-1513:15:07

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-5245

fileutil.extract()

tensorflowmodel

vulnerability

code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.5%

JSON

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.

When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().

Arbitrary file creation can directly lead to code execution

Affected configurations

NVD

Node

combustmleapMatch0.18.0

combustmleapMatch0.23.0

CPENameOperatorVersion
combust:mleapcombust mleapeq0.18.0
combust:mleapcombust mleapeq0.23.0

CPE	Name	Operator	Version
combust:mleap	combust mleap	eq	0.18.0
combust:mleap	combust mleap	eq	0.23.0

CNA Affected

[
  {
    "collectionURL": "https://mvnrepository.com",
    "packageName": "ml.combust.mleap.mleap-tensorflow",
    "versions": [
      {
        "greaterThanOrEqual": "0.18.0",
        "lessThan": "0.23.1",
        "status": "affected",
        "version": "0.18.0",
        "versionType": "maven"
      }
    ]
  }
]