Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Open Neural Network Exchange 路径遍历漏洞
Vulnerability Description
Open Neural Network Exchange(ONNX)是一个开放的生态系统,它使 AI 开发人员能够随着项目的发展选择合适的工具。 Open Neural Network Exchange 1.13.0 版本存在安全漏洞,该漏洞源于 tensor proto 的 external_data 字段可能指向违背允许访问的路径。
CVSS Information
N/A
Vulnerability Type
N/A