## Vulnerable Library - onnx-1.14.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Open Neural Network Exchange
Library home page: https://files.pythonhosted.org/packages/f7/18/d23e3fdc4226373377614eec2fca6fd13a23fd47651e9a741e131db05540/onnx-1.14.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 634ec3fa038b6d94895a9e75b83f5358c01f8544
## Vulnerabilities
**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.**
## Details
CVE-2024-5187
### Vulnerable Library - onnx-1.14.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Open Neural Network Exchange
Library home page: https://files.pythonhosted.org/packages/f7/18/d23e3fdc4226373377614eec2fca6fd13a23fd47651e9a741e131db05540/onnx-1.14.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
- :x: **onnx-1.14.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl** (Vulnerable Library)
Found in HEAD commit: 634ec3fa038b6d94895a9e75b83f5358c01f8544
Found in base branch: main
### Vulnerability Details

A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system, potentially leading to remote code execution or to deletion of system, personal, or application files, thus impacting the integrity and availability of the system. The issue arises from the function's handling of tar file extraction without performing security checks on the paths within the tar file, as demonstrated by the ability to overwrite the `/home/kali/.ssh/authorized_keys` file by specifying an absolute path in the malicious tar file.
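The pattern behind this advisory is the classic tar path-traversal: `tarfile.extractall()` builds each target path with `os.path.join(dest, member.name)`, and `os.path.join` discards `dest` when the member name is absolute (and does not collapse `../`). The example below is added here and is not onnx's own code or its fix; it reproduces the overwrite described above inside a throwaway temp directory (a stand-in for `/home/kali/.ssh/authorized_keys`, so nothing outside the temp directory is touched), then shows an illustrative `safe_extract` that resolves every member against the destination before writing. The key strings, the archive and the `model/model.onnx` member name are constructed samples. On Python 3.12+ the standard library also offers `filter="data"`, which rejects the same members; the example passes the `filter` argument explicitly where available so the result does not depend on the interpreter's default (which changes to `"data"` in 3.14).

```python
"""Added example: tar path traversal (absolute and ../ member names) versus
a path-validating extractor. Not code from the onnx project."""
import io
import os
import shutil
import tarfile
import tempfile

# Constructed sample content; not real keys.
ATTACKER_KEY = b"ssh-ed25519 AAAA...attacker@example\n"
ORIGINAL_KEY = b"ssh-ed25519 AAAA...owner@example\n"

# extract()/extractall() accept `filter` on 3.12+ (and late 3.8-3.11 patch
# releases). Use 'fully_trusted' to show the vulnerable behaviour and 'data'
# as defence in depth in the hardened path.
_HAS_FILTERS = hasattr(tarfile, "data_filter")


def build_malicious_tar(members):
    """Build a constructed archive from {member_name: payload_bytes}.

    TarInfo objects are created directly because TarFile.add() strips a
    leading '/' from archive names; a hostile archive has no such courtesy.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def naive_extract(tar_bytes, dest):
    """The vulnerable pattern: extract every member wherever its name points."""
    kwargs = {"filter": "fully_trusted"} if _HAS_FILTERS else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest, **kwargs)


def safe_extract(tar_bytes, dest):
    """Hardened extraction: a member is written only if it resolves inside
    `dest`. Returns the names of the rejected members."""
    dest_real = os.path.realpath(dest)
    kwargs = {"filter": "data"} if _HAS_FILTERS else {}
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            # join() drops dest_real for an absolute name; realpath() collapses
            # '..'. Comparing the result to dest_real catches both variants.
            target = os.path.realpath(os.path.join(dest_real, member.name))
            inside = os.path.commonpath([dest_real, target]) == dest_real
            # Symlinks/hardlinks can redirect a later write outside dest too.
            if not inside or member.issym() or member.islnk():
                rejected.append(member.name)
                continue
            tar.extract(member, dest_real, **kwargs)
    return rejected


def demo():
    """Run both extractors on the same archive and report what happened."""
    root = tempfile.mkdtemp(prefix="tar-traversal-demo-")
    try:
        # Stand-in for /home/kali/.ssh/authorized_keys, inside the temp dir.
        victim = os.path.join(root, "home", "kali", ".ssh", "authorized_keys")
        os.makedirs(os.path.dirname(victim))
        dest = os.path.join(root, "extract")
        os.makedirs(dest)

        archive = build_malicious_tar({
            "model/model.onnx": b"benign member",
            victim: ATTACKER_KEY,                         # absolute path
            os.path.relpath(victim, dest): ATTACKER_KEY,  # ../ traversal
        })

        def reset():
            with open(victim, "wb") as f:
                f.write(ORIGINAL_KEY)

        def current():
            with open(victim, "rb") as f:
                return f.read()

        reset()
        naive_extract(archive, dest)
        naive_overwrote = current() == ATTACKER_KEY

        reset()
        rejected = safe_extract(archive, dest)
        return {
            "naive_overwrote_file": naive_overwrote,
            "safe_rejected": rejected,
            "safe_kept_file": current() == ORIGINAL_KEY,
            "benign_member_extracted": os.path.isfile(
                os.path.join(dest, "model", "model.onnx")),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind: `realpath` is evaluated before extraction, so a member that first drops a symlink and then writes through it in a later member would still need the link check (which is why links are rejected outright here), and a check that merely strips a leading `/` is not enough, since the `../` variant above escapes just as well.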
Publish Date: 2024-06-06
URL: CVE-2024-5187
### CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version
Release Date: 2024-06-06
Fix Resolution: 1.16.2
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)