漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Vulnerability Description
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Open Neural Network Exchange 安全漏洞
Vulnerability Description
Open Neural Network Exchange是Open Neural Network Exchange开源的一个开放的生态系统,它使 AI 开发人员能够随着项目的发展选择合适的工具。 Open Neural Network Exchange 1.21.0之前版本存在安全漏洞,该漏洞源于onnx.load检查符号链接以防止路径遍历,但完全忽略了硬链接,因为硬链接在文件系统上看起来与常规文件完全相同。
CVSS Information
N/A
Vulnerability Type
N/A