Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
Vulnerability Description
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
MONAI 路径遍历漏洞
Vulnerability Description
MONAI是Project MONAI开源的一个医疗成像AI工具包。 MONAI 1.5.1及之前版本存在路径遍历漏洞,该漏洞源于_download_from_ngc_private函数使用zipfile.ZipFile.extractall时未进行路径验证,可能导致路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A