CVE-2024-7776 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to ina…
Critical CVSS: 9.1

CVE-2024-7776

A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
Vendor
Onnx
Product
Onnx
CWE
CWE-22
Yayın Tarihi
2025-03-20 10:15:37
Güncelleme
2025-03-26 17:20:27
Source Identifier
security@huntr.dev
KEV Date Added
-

Kategoriler

CWE-22 Onnx CRITICAL Onnx 2025

Referanslar

https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63 https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63