EUVD-2025-7031

Malicious code in bioql PyPI...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview gluoncv is a Gluon CV Toolkit Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the fromcsv function in ImageClassificationDataset. An attacker can overwrite files on the victim's system by using this function to extract maliciou...

CVE-2024-12216

The CVE-2024-12216 issue affects dmlc/gluon-cv 0.10.0, specifically ImageClassificationDataset.from_csv(). The vulnerability arises because tar.gz files downloaded from URLs are extracted without proper sanitization, enabling TarSlip via path traversal or faked symlinks to overwrite arbitrary fil...