CVE-2024-12216
A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can exploit this by crafting malicious tar files that, when extracted, can overwrite files on the victim's system via path traversal or faked symlinks.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-03-20 10:15:27
Güncelleme
2025-10-15 13:15:39
Source Identifier
security@huntr.dev
KEV Date Added
-