
5 matches found

Snyk
added 2026/04/01 11:40 p.m. | 2 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition through the save_external_data function. An attacker can overwrite arbitrary files or inject data into sensitive locations by exploiting a race...

7.1 CVSS | 6.1 AI score
Exploits: 0 | References: 4
Github Security Blog
added 2026/04/01 11:40 p.m. | 8 views

ONNX: TOCTOU arbitrary file read/write in save_external_dat

Summary: The save_external_data method seems to include multiple issues introducing a local TOCTOU vulnerability, an arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems. Regarding the TOCTOU, an attacker seems to be able to overwrite victim's...

6 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2025/07/22 4:44 p.m. | 2 views

Directory Traversal

Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Directory Traversal via the save_external_data function. An attacker can overwrite arbitrary files by supplying crafted values to the external_data.location parameter containing traversal sequences,...

8.8 CVSS | 7.6 AI score | 0.00366 EPSS
Exploits: 1 | References: 2
OSV
added 2025/07/22 4:15 p.m. | 5 views

CVE-2025-51480

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions...

8.8 CVSS | 7 AI score | 0.0261 EPSS
Exploits: 2 | References: 5
OSV
added 2025/07/22 4:15 p.m. | 0 views

UBUNTU-CVE-2025-51480

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions...

8.8 CVSS | 5.9 AI score | 0.00366 EPSS
Exploits: 1 | References: 7