Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Vulnerability Description
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Open Neural Network Exchange 安全漏洞
Vulnerability Description
Open Neural Network Exchange是Open Neural Network Exchange开源的一个开放的生态系统,它使 AI 开发人员能够随着项目的发展选择合适的工具。 Open Neural Network Exchange 1.21.0之前版本存在安全漏洞,该漏洞源于onnx.load检查符号链接以防止路径遍历,但完全忽略了硬链接,因为硬链接在文件系统上看起来与常规文件完全相同。
CVSS Information
N/A
Vulnerability Type
N/A