8 matches found
CVE-2024-10372
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...
Directory Traversal
Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Directory Traversal via the download_model function. An attacker can overwrite files in the user's directory by exploiting inadequate prevention of path traversal attacks in malicious tar files...
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
CVE-2024-7776
A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
AZL-59201 CVE-2024-7776 affecting package pytorch for versions less than 2.2.2-5
A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
CVE-2024-7033 Arbitrary File Write in open-webui/open-webui
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
CVE-2024-10372 chidiwilliams buzz model_loader.py download_model temp file
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...
Buzz Security Vulnerability
Buzz is a tool by the individual developer Chidi Williams. It is used to transcribe and translate audio offline on a personal computer. A security vulnerability exists in Buzz version 1.1.0, which stems from a function download_model in the file buzz/model_loader.py that results in an insecure...