Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ONNX: External Data Symlink Traversal
Vulnerability Description
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
CWE-61
Vulnerability Title
Open Neural Network Exchange 安全漏洞
Vulnerability Description
Open Neural Network Exchange是Open Neural Network Exchange开源的一个开放的生态系统,它使 AI 开发人员能够随着项目的发展选择合适的工具。 Open Neural Network Exchange 1.21.0之前版本存在安全漏洞,该漏洞源于外部数据加载中存在符号链接遍历,可能读取模型目录外的文件。
CVSS Information
N/A
Vulnerability Type
N/A