Ubuntu 24.04 LTS : ONNX vulnerability (USN-8307-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8307-1 advisory. It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to...

USN-8307-1 onnx vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to missing canonicalization of destination file paths during model downloads. The createNewFile function in pkg/agent/storage/https.go previously used the fileFullName argument directly without cleaning, allowing...