Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2025/03/20 10:51 a.m.6 views

al-for-design (=0.0.1), autogluon (>=0.0.4 <=0.5.3b20221014) +42 more potentially affected by CVE-2024-12216 via gluoncv (>=0.10.3.post0 <=0.9.0)

gluoncv PYPI version =0.10.3.post0, =0.0.4, =0.0.15b20201024, =0.0.15b20201024, =0.0.15b20201024, =1.0.0, =0.1.1, =0.1.0, =0.0.6, =0.0.3, =0.0.1, =0.0.20 - monk-colab =0.0.1 - monk-colab-test =0.0.1 - monk-cpu =0.0.1 - monk-cpu-test =0.0.11 and more Source cves: CVE-2024-12216 Source advisory:...

7.1CVSS7AI score0.00293EPSS
Exploits0
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-12216

A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...

7.1CVSS0.00293EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-12216 Arbitrary File Write via TarSlip in dmlc/gluon-cv

A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...

7.1CVSS0.00293EPSS
Exploits0References1
CVE
CVE
added 2025/03/20 10:9 a.m.48 views

CVE-2024-12216

The CVE-2024-12216 issue affects dmlc/gluon-cv 0.10.0, specifically ImageClassificationDataset.from_csv(). The vulnerability arises because tar.gz files downloaded from URLs are extracted without proper sanitization, enabling TarSlip via path traversal or faked symlinks to overwrite arbitrary fil...

7.1CVSS7AI score0.00293EPSS
Exploits0References1
Rows per page
Query Builder