Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Open Neural Network Exchange 安全漏洞
Vulnerability Description
Open Neural Network Exchange(ONNX)是一个开放的生态系统,它使 AI 开发人员能够随着项目的发展选择合适的工具。 Open Neural Network Exchange 1.15.0 及之前版本存在安全漏洞,该漏洞源于external_data张量原型的字段可能具有模型当前目录或用户提供的目录之外的文件路径。
CVSS Information
N/A
Vulnerability Type
N/A