Vulnerabilities > CVE-2024-7776 - Unspecified vulnerability in Onnx

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

onnx

critical

NVD

Published: 2025-03-20

Updated: 2025-03-26

Summary

A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

Vulnerable Configurations

Part	Description	Count
Application	Onnx Onnx Onnx *	1

References

https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63
https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63