10 matches found
CVE-2024-27318
CVE-2024-27318 affects the ONNX package: versions up to and including 1.15.0 are vulnerable to a Directory Traversal in the external_data field of the tensor proto, which can reference files outside the model directory or user-provided directory. The issue is described as a bypass of the patch fo...
CVE-2024-27319
CVE-2024-27319 affects the ONNX package: versions 1.15.0 and earlier are vulnerable due to an off-by-one string copy in ONNX_ASSERT/ONNX_ASSERTM, causing an out-of-bounds read. Connected advisories confirm the issue across multiple platforms and note remediation by upgrading ONNX (e.g., IBM’s adv...
CVE-2022-25882
CVE-2022-25882 affects onnx before 1.13.0, where the external_data field of the tensor proto can contain a path outside the model directory (example: ../../../etc/passwd), enabling directory traversal. This could impact confidentiality. Remediation: upgrade to onnx 1.13.0 or later. The provided d...
CVE-2024-5187
CVE-2024-5187 affects onnx/onnx 1.16.0: download_model_with_test_data allows path traversal during tar extraction, enabling arbitrary file overwrites (e.g., /home/kali/.ssh/authorized_keys) and potential remote code execution. Connected Nessus entry notes exposure on Azure Linux due to older PyTo...
CVE-2026-34445
CVE-2026-34445 affects ONNX prior to version 1.21.0, where ExternalDataInfo used Python setattr() to load metadata directly from model files without validating keys, enabling a malicious model to overwrite internal object properties. Impact is mainly availability (HIGH) with confidentiality and i...
CVE-2025-51480
A CVE-2025-51480 exists for ONNX 1.17.0 reporting a path traversal flaw in onnx.external_data_helper.save_external_data that lets an attacker overwrite arbitrary files by crafted external_data.location traversal sequences. Affected component is ONNX 1.17.0; root cause involves directory traversal...
CVE-2026-28500
CVE-2026-28500 affects ONNX up to v1.20.1 where onnx.hub.load() bypasses security checks due to flawed repository trust logic. The silent=True flag silences warnings and prompts, enabling a vector for zero-interaction supply-chain attacks. When combined with filesystem vulnerabilities, an attacke...
CVE-2026-27489
CVE-2026-27489: Open Neural Network Exchange (ONNX) prior to 1.21.0 suffers a path-traversal via symlink vulnerability that allows reading files outside the model or user directory. Affected product detail in IBM Watson Speech Services Cartridge (versions 4.0.0–5.3.1); fix is in 5.3.1 Patch 5 (5....
CVE-2026-34446
CVE-2026-34446 affects Open Neural Network Exchange (ONNX). The vulnerability is in onnx.load where hardlinks can bypass the path-traversal check, allowing an arbitrary file read. The issue is fixed in ONNX 1.21.0. Impact is described as arbitrary file read with LOCAL attack vector and MEDIUM bas...
CVE-2026-34447
Onnx ONNX prior to version 1.21.0 has a symlink traversal vulnerability in external data loading that can read files outside the model directory. Affected component: ONNX data loading logic. Root cause: symlink traversal allowing access to restricted files. Impact: potential confidentiality breac...