7 matches found
EUVD-2025-6946
Malicious code in bioql PyPI...
EUVD-2025-7031
Malicious code in bioql PyPI...
tar-fs 安全漏洞
tar-fs is a tar-stream file system bundle. A security vulnerability exists in tar-fs versions prior to 1.16.4, prior to 2.1.2, and prior to 3.0.8, which originates from path traversal when decompressing a malicious tar file...
CVE-2024-7776
A flaw was found in the ONNX framework. This vulnerability allows arbitrary file overwrite via a path traversal attack in malicious tar files. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprisi...
CVE-2024-12216 Arbitrary File Write via TarSlip in dmlc/gluon-cv
A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...
CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx
A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
Open Neural Network Exchange Path Traversal Vulnerability
Open Neural Network Exchange ONNX is an open ecosystem that enables AI developers to choose the right tools as their projects evolve. A path traversal vulnerability exists in Open Neural Network Exchange version 1.16.0, which stems from insufficient protection against path traversal attacks in...