4 matches found
GHSA-M724-HQMC-GGPX GluonCV Arbitrary File Write via TarSlip
A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...
GluonCV Arbitrary File Write via TarSlip
A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...
al-for-design (=0.0.1), autogluon (>=0.0.4 <=0.5.3b20221114) +42 more potentially affected by CVE-2024-12216 via gluoncv (>=0.10.3.post0 <=0.9.0)
gluoncv PYPI version =0.10.3.post0, =0.0.4, =0.0.15b20201024, =0.0.15b20201024, =0.0.15b20201024, =1.0.0, =0.1.1, =0.1.0, =0.0.6, =0.0.3, =0.0.1, =0.0.20 - monk-colab =0.0.1 - monk-colab-test =0.0.1 - monk-cpu =0.0.1 - monk-cpu-test =0.0.11 and more Source cves: CVE-2024-12216 Source advisory:...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: gluoncv is a Gluon CV Toolkit. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the fromcsv function in ImageClassificationDataset. An attacker can overwrite files on the victim's system by using this function to extract maliciou...