#VU75176 Path traversal in onnx


Published: 2023-04-17 | Updated: 2024-03-21

Vulnerability identifier: #VU75176

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25882

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
onnx
Universal components / Libraries / Libraries used by multiple products

Vendor: Open Neural Network Exchange

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Request example:

http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa

Mitigation
Install update from vendor's website.

Vulnerable software versions

onnx: 0.1 - 1.12.0

External links
http://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856
http://github.com/onnx/onnx/issues/3991
http://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479
http://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129
http://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d
http://github.com/onnx/onnx/pull/4400

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Multiple vulnerabilities in IBM Watson Studio on Cloud Pak for Data
Path traversal in onnx