4 matches found
al-for-design (=0.0.1), autogluon (>=0.0.4 <=0.5.3b20221014) +42 more potentially affected by CVE-2024-12216 via gluoncv (>=0.10.3.post0 <=0.9.0)
gluoncv PYPI version =0.10.3.post0, =0.0.4, =0.0.15b20201024, =0.0.15b20201024, =0.0.15b20201024, =1.0.0, =0.1.1, =0.1.0, =0.0.6, =0.0.3, =0.0.1, =0.0.20 - monk-colab =0.0.1 - monk-colab-test =0.0.1 - monk-cpu =0.0.1 - monk-cpu-test =0.0.11 and more Source cves: CVE-2024-12216 Source advisory:...
CVE-2024-12216
A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...
CVE-2024-12216 Arbitrary File Write via TarSlip in dmlc/gluon-cv
A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...
CVE-2024-12216
The CVE-2024-12216 issue affects dmlc/gluon-cv 0.10.0, specifically ImageClassificationDataset.from_csv(). The vulnerability arises because tar.gz files downloaded from URLs are extracted without proper sanitization, enabling TarSlip via path traversal or faked symlinks to overwrite arbitrary fil...