Versions of the package onnx prior to 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linuxfoundation onnx |